[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Ossec-list] The part of ossec were aborted

Subject: [Ossec-list] The part of ossec were aborted
From: daniel.cid at gmail.com (Daniel Cid)
Date: Tue, 30 May 2006 11:37:48 -0300

Hi Oleksander,

Are you using version 0.8? Did you get any message about analysisd
starting? Basically, logcollector and syscheckd send their messages
to analysisd. If it is not running, you will get these errors (unable to
connect to socket). Can you also show us your logs from 5
minutes before logcollector died?

Thanks,

--
Daniel B. Cid
dcid @ ( at ) ossec.net

On 5/30/06, Oleksander Panchuk <oleksander.panchuk at cbn-cis.org> wrote:
>
>
>
>
> Hello again.
>
>
>
> What was happened with ossec-logcollector and ossec-syscheckd?
>
> It is repeated in 10-15 minutes after each restart ossec.
>
>
>
> ??
>
> ossec-logcollector(1950): Analyzing file: '/var/log/squid/access.log'.
>
>  ossec-logcollector(1950): Analyzing file: '/var/log/squid/cache.log'.
>
>  ossec-logcollector(1950): Analyzing file: '/var/log/squid/store.log'.
>
>  ossec-logcollector: Started (pid: 2372).
>
>  ossec-syscheckd: socketerr
>
>  ossec-syscheckd(1224): Error sending message to queue.
>
>  ossec-syscheckd(1210): Queue '/var/ossec/queue/ossec/queue' not accessible.
>
>  ossec-syscheckd(1211): Unable to access queue:
> '/var/ossec/queue/ossec/queue'. Giving up..
>
>  ossec-logcollector: socketerr
>
>  ossec-logcollector(1224): Error sending message to queue.
>
>  ossec-logcollector(1210): Queue '/var/ossec/queue/ossec/queue' not
> accessible.
>
>  ossec-logcollector(1211): Unable to access queue:
> '/var/ossec/queue/ossec/queue'. Giving up
>
>
>
> I updated Linux OS
>
>     libgomp.i386 4.1.1-1.fc5
>
>     gcc.i386 4.1.1-1.fc5
>
>     libgcj-devel.i386 4.1.1-1.fc5
>
>     libstdc++-devel.i386 4.1.1-1.fc5
>
>     gcc-java.i386 4.1.1-1.fc5
>
>     cpp.i386 4.1.1-1.fc5
>
>     libgcj.i386 4.1.1-1.fc5
>
>     gcc-c++.i386 4.1.1-1.fc5
>
>     libtool-ltdl.i386 1.5.22-2.3
>
>     libgcc.i386 4.1.1-1.fc5
>
>     libtool.i386 1.5.22-2.3
>
>     apr-devel.i386 1.2.2-7.3
>
>     libgnat.i386 4.1.1-1.fc5
>
>     libstdc++.i386 4.1.1-1.fc5
>
>     apr.i386 1.2.2-7.3
>
>
>
> Best regards,
>
> Aleksander.
>
>
>
>
> _______________________________________________
> ossec-list mailing list
> ossec-list at ossec.net
> http://mailman.underlinux.com.br/mailman/listinfo/ossec-list
>
>
>

Follow-Ups:
- [Ossec-list] The part of ossec were aborted
  - From: Oleksander Panchuk

References:
- [Ossec-list] The part of ossec were aborted
  - From: Oleksander Panchuk

Prev by Date: [Ossec-list] The part of ossec were aborted
Next by Date: [Ossec-list] Feature submission: Self supervision (was: RE : FIFO files and Agent/Server updates)
Previous by thread: [Ossec-list] The part of ossec were aborted
Next by thread: [Ossec-list] The part of ossec were aborted
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.