[Ossec-list] The part of ossec were aborted
- Subject: [Ossec-list] The part of ossec were aborted
- From: peter at ifup.de (Peter Ahlert)
- Date: Thu, 1 Jun 2006 17:55:48 +0200
Hi,
I would like to add just a quick "me too" ;) The log looks like the one from Oleksander - no sign of analysisd dying. Only the files analyzed are different:
2006/06/01 01:49:34 ossec-logcollector(1950): Analyzing file: '/var/log/messages'.
2006/06/01 01:49:34 ossec-logcollector(1950): Analyzing file: '/var/log/auth.log'.
2006/06/01 01:49:34 ossec-logcollector(1950): Analyzing file: '/var/log/syslog'.
2006/06/01 01:49:34 ossec-logcollector(1950): Analyzing file: '/var/log/mail.info'.
2006/06/01 01:49:34 ossec-logcollector(1950): Analyzing file: '/var/log/snort/alert'.
2006/06/01 01:49:34 ossec-logcollector(1950): Analyzing file: '/var/log/apache2/error.log'.
2006/06/01 01:49:34 ossec-logcollector(1950): Analyzing file: '/var/log/apache2/access.log'.
Greetings Peter
On Wed, 31 May 2006 10:17:52 +0300
"Oleksander Panchuk" <oleksander.panchuk at cbn-cis.org> wrote:
> Hi Daniel,
> I use 0.8 version of ossec.
> Everything was started; please see below.
>
> 2006/05/30 09:34:05 ossec-maild: Started (pid: 2360).
> 2006/05/30 09:34:05 ossec-analysisd: Reading rules file: 'rules_config.xml'
> 2006/05/30 09:34:05 ossec-analysisd: Reading rules file: 'sshd_rules.xml'
> 2006/05/30 09:34:05 ossec-analysisd: Reading rules file: 'syslog_rules.xml'
> 2006/05/30 09:34:05 ossec-analysisd: Reading rules file: 'pix_rules.xml'
> 2006/05/30 09:34:05 ossec-analysisd: Reading rules file: 'named_rules.xml'
> 2006/05/30 09:34:05 ossec-analysisd: Reading rules file: 'pure-ftpd_rules.xml'
> 2006/05/30 09:34:05 ossec-analysisd: Reading rules file: 'proftpd_rules.xml'
> 2006/05/30 09:34:05 ossec-analysisd: Reading rules file: 'web_rules.xml'
> 2006/05/30 09:34:05 ossec-analysisd: Reading rules file: 'apache_rules.xml'
> 2006/05/30 09:34:05 ossec-analysisd: Reading rules file: 'ids_rules.xml'
> 2006/05/30 09:34:05 ossec-analysisd: Reading rules file: 'squid_rules.xml'
> 2006/05/30 09:34:05 ossec-analysisd: Reading rules file: 'firewall_rules.xml'
> 2006/05/30 09:34:05 ossec-analysisd: Reading rules file: 'postfix_rules.xml'
> 2006/05/30 09:34:05 ossec-analysisd: Reading rules file: 'sendmail_rules.xml'
> 2006/05/30 09:34:05 ossec-analysisd: Reading rules file: 'spamd_rules.xml'
> 2006/05/30 09:34:05 ossec-analysisd: Reading rules file: 'msauth_rules.xml'
> 2006/05/30 09:34:05 ossec-analysisd: Reading rules file: 'attack_rules.xml'
> 2006/05/30 09:34:05 ossec-analysisd: Total rules enabled: '246'
> 2006/05/30 09:34:05 ossec-analysisd: Ignoring file: '/etc/mtab'
> 2006/05/30 09:34:05 ossec-analysisd: Ignoring file: '/etc/hosts.deny'
> 2006/05/30 09:34:05 ossec-analysisd: Ignoring file: '/etc/mail/statistics'
> 2006/05/30 09:34:05 ossec-analysisd: Ignoring file: '/etc/random-seed'
> 2006/05/30 09:34:05 ossec-analysisd: Ignoring file: '/etc/adjtime'
> 2006/05/30 09:34:05 ossec-analysisd: Ignoring file: '/etc/httpd/logs'
> 2006/05/30 09:34:05 ossec-execd: Started (pid: 2364).
> 2006/05/30 09:34:05 ossec-analysisd: 3 IPs in the white list for active response.
> 2006/05/30 09:34:05 ossec-analysisd: Started (pid: 2368).
> 2006/05/30 09:34:05 ossec-remoted: Started (pid: 2376).
> 2006/05/30 09:34:05 ossec-remoted: Started (pid: 2377).
> 2006/05/30 09:34:08 ossec-analysisd: Connected to '/queue/alerts/ar' (active-response queue
> 2006/05/30 09:34:08 ossec-analysisd: Connected to '/queue/alerts/execq' (exec queue)
> 2006/05/30 09:34:08 ossec-syscheckd: Started (pid: 2381).
> 2006/05/30 09:34:11 ossec-logcollector(1950): Analyzing file: '/var/log/messages'.
> 2006/05/30 09:34:11 ossec-logcollector(1950): Analyzing file: '/var/log/secure'.
> 2006/05/30 09:34:11 ossec-logcollector(1950): Analyzing file: '/var/log/xferlog'.
> 2006/05/30 09:34:11 ossec-logcollector(1950): Analyzing file: '/var/log/maillog'.
> 2006/05/30 09:34:11 ossec-logcollector(1950): Analyzing file: '/var/log/snort/alert'.
> 2006/05/30 09:34:12 ossec-logcollector(1950): Analyzing file: '/var/log/httpd/error_log'.
> 2006/05/30 09:34:12 ossec-logcollector(1950): Analyzing file: '/var/log/httpd/access_log'.
> 2006/05/30 09:34:12 ossec-logcollector(1950): Analyzing file: '/etc/httpd/logs/audit_log'.
> 2006/05/30 09:34:12 ossec-logcollector(1950): Analyzing file: '/etc/httpd/logs/ssl_request_
> 2006/05/30 09:34:12 ossec-logcollector(1950): Analyzing file: '/etc/httpd/logs/suexec.log'.
> 2006/05/30 09:34:12 ossec-logcollector(1950): Analyzing file: '/var/log/squid/access.log'.
> 2006/05/30 09:34:12 ossec-logcollector(1950): Analyzing file: '/var/log/squid/cache.log'.
> 2006/05/30 09:34:12 ossec-logcollector(1950): Analyzing file: '/var/log/squid/store.log'.
> 2006/05/30 09:34:12 ossec-logcollector: Started (pid: 2372).
> 2006/05/30 10:00:02 ossec-syscheckd: socketerr
> 2006/05/30 10:00:02 ossec-syscheckd(1224): Error sending message to queue.
> 2006/05/30 10:00:03 ossec-logcollector: socketerr
> 2006/05/30 10:00:03 ossec-logcollector(1224): Error sending message to queue.
> 2006/05/30 10:00:05 ossec-syscheckd(1210): Queue '/var/ossec/queue/ossec/queue' not accessible.
> 2006/05/30 10:00:05 ossec-syscheckd(1211): Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
> 2006/05/30 10:00:06 ossec-logcollector(1210): Queue '/var/ossec/queue/ossec/queue' not accessible.
> 2006/05/30 10:00:06 ossec-logcollector(1211): Unable to access queue: '/var/ossec/queue/ossec/queue/ossec/queue'. Giving up..
>
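An added example (not part of the original thread and not OSSEC project code): a small Python check for the pattern both logs show, where daemons report queue errors 1224/1210/1211 while ossec-analysisd logs nothing further. The function name `queue_failures` and the result keys are made up for this example; the sample lines are copied from the quoted log with wrapped lines joined.

```python
import re

# Sample copied from the log quoted in the thread, with wrapped lines joined.
SAMPLE_LOG = """\
2006/05/30 09:34:05 ossec-analysisd: Started (pid: 2368).
2006/05/30 09:34:08 ossec-syscheckd: Started (pid: 2381).
2006/05/30 09:34:12 ossec-logcollector: Started (pid: 2372).
2006/05/30 10:00:02 ossec-syscheckd: socketerr
2006/05/30 10:00:02 ossec-syscheckd(1224): Error sending message to queue.
2006/05/30 10:00:03 ossec-logcollector(1224): Error sending message to queue.
2006/05/30 10:00:05 ossec-syscheckd(1211): Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
2006/05/30 10:00:06 ossec-logcollector(1211): Unable to access queue: '/var/ossec/queue/ossec/queue/ossec/queue'. Giving up..
"""

# "<date> <time> <daemon>[(<code>)]: <message>", as in the quoted log lines.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) "
    r"(?P<daemon>ossec-[a-z]+)(?:\((?P<code>\d+)\))?: (?P<msg>.*)$"
)
QUEUE_CODES = {"1210", "1211", "1224"}  # queue error codes seen in the thread
GAVE_UP = "1211"                        # "Unable to access queue ... Giving up.."


def queue_failures(log_text):
    """Summarise queue errors; return None if the log contains none."""
    events = [m.groupdict() for m in map(LINE_RE.match, log_text.splitlines()) if m]
    errors = [e for e in events if e["code"] in QUEUE_CODES]
    if not errors:
        return None
    # The fixed-width timestamps sort correctly as plain strings.
    first = min(e["ts"] for e in errors)
    analysisd = [e["ts"] for e in events if e["daemon"] == "ossec-analysisd"]
    return {
        "first_error": first,
        "gave_up": sorted({e["daemon"] for e in errors if e["code"] == GAVE_UP}),
        "analysisd_last_seen": max((t for t in analysisd if t < first), default=None),
        # True reproduces the thread's observation: no analysisd line at or
        # after the first queue error, so the log alone does not show it exiting.
        "analysisd_silent": not any(t >= first for t in analysisd),
    }


if __name__ == "__main__":
    print(queue_failures(SAMPLE_LOG))
```

When `analysisd_silent` is true, the log file cannot say what happened to analysisd, so the next check is outside the log: whether the process recorded in its "Started (pid: ...)" line is still running.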
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.