[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Ossec-list] OSSEC seems to die occasionally

Subject: [Ossec-list] OSSEC seems to die occasionally
From: free_dixie at dixie-net.com (Thomas M. Jett)
Date: Tue, 18 Apr 2006 01:39:11 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Check the file permissions on /var/ossec/queue  I had the same problem
when I first installed ossec, and it became obvious pretty quick that
that directory was the problem. All you'll have to do is change the
permissions so that ossec can write to it.

Kayvan A. Sylvan wrote:

|Every once in a while, the OSSEC analysis engine dies. I have no idea
|where to begin to narrow down the cause.
|
|I see msesages like these in the /var/ossec/ossec.log:
|
|2006/04/17 22:48:49 ossec-analysisd: Started (pid: 5826).
|2006/04/17 22:48:49 ossec-analysisd: Connected to
'queue/alerts/mailq' (mail queue)
|2006/04/17 22:48:52 ossec-syscheckd: Started (pid: 5836).
|2006/04/17 22:48:52 ossec-analysisd: Connected to
'/queue/alerts/execq' (exec queue)
|2006/04/17 22:48:55 ossec-logcollector: Analyzing file: /var/log/messages
|2006/04/17 22:48:55 ossec-logcollector: Analyzing file: /var/log/secure
|2006/04/17 22:48:55 ossec-logcollector: Analyzing file: /var/log/xferlog
|2006/04/17 22:48:55 ossec-logcollector: Analyzing file:
/var/log/radius/radius.log
|2006/04/17 22:48:55 ossec-logcollector: Analyzing file:
/var/log/httpd/error_log
|2006/04/17 22:48:55 ossec-logcollector: Analyzing file:
/var/log/httpd/access_log
|2006/04/17 22:48:55 ossec-logcollector: Started (pid: 5830).
|2006/04/17 23:12:32 ossec-syscheckd: socketerr
|2006/04/17 23:12:32 ossec-syscheckd(1224): Error sending message to
queue.
|2006/04/17 23:12:34 ossec-logcollector: socketerr
|2006/04/17 23:12:34 ossec-logcollector(1224): Error sending message
to queue.
|2006/04/17 23:12:35 ossec-syscheckd(1210): Queue
'/var/ossec/queue/ossec/queue' not accessible.
|2006/04/17 23:12:35 ossec-syscheckd(1211): Unable to access queue:
'/var/ossec/queue/ossec/queue'. Giving up..
|2006/04/17 23:12:37 ossec-logcollector(1210): Queue
'/var/ossec/queue/ossec/queue' not accessible.
|2006/04/17 23:12:37 ossec-logcollector(1211): Unable to access queue:
'/var/ossec/queue/ossec/queue'. Giving up..
|

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFERImLlzq1/FLekkARA/dPAJ4swYxVzFRAOy3ZK023lHy8ovQzMwCeOuCV
no43WSXTNVuPAs8cqBJ4vyQ=
=BccI
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.underlinux.com.br/pipermail/ossec-list/attachments/20060418/76a3586a/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3265 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.underlinux.com.br/pipermail/ossec-list/attachments/20060418/76a3586a/attachment.bin

Follow-Ups:
- [Ossec-list] OSSEC seems to die occasionally
  - From: Kayvan A. Sylvan

References:
- [Ossec-list] Projects news
  - From: Daniel Cid
- [Ossec-list] OSSEC seems to die occasionally
  - From: Kayvan A. Sylvan

Prev by Date: [Ossec-list] OSSEC seems to die occasionally
Next by Date: [Ossec-list] OSSEC seems to die occasionally
Previous by thread: [Ossec-list] OSSEC seems to die occasionally
Next by thread: [Ossec-list] OSSEC seems to die occasionally
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.