On Mon, Feb 23, 2015 at 11:13 PM, 'C0nfus1i0n' via ossec-list
<[email protected]> wrote:
> I managed to get rid of the other error messages.  Now only the first few
> remain.  Here's my ossec.log:
>

You've posted a couple of messages with errors, which ones are giving
you issues now?
What are the permissions of /var/ossec/queue/ossec/queue?
If you run `/var/ossec/bin/ossec-control status` what is the output?

> 2015/02/23 23:09:57 ossec-execd(1314): INFO: Shutdown received. Deleting
> responses.
> 2015/02/23 23:09:57 ossec-execd(1225): INFO: SIGNAL Received. Exit
> Cleaning...
> 2015/02/23 23:09:58 ossec-testrule: INFO: Reading local decoder file.
> 2015/02/23 23:09:58 ossec-testrule: INFO: Started (pid: 15869).
> 2015/02/23 23:09:58 ossec-execd: INFO: Started (pid: 15892).
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading local decoder file.
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'rules_config.xml'
> 2015/02/23 23:09:58 ossec-remoted: INFO: Started (pid: 15904).
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'pam_rules.xml'
> 2015/02/23 23:09:58 ossec-remoted: Remote syslog allowed from: '127.0.0.1'
> 2015/02/23 23:09:58 ossec-remoted: Remote syslog allowed from:
> '192.95.30.10'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'sshd_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'telnetd_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'syslog_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'arpwatch_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'symantec-av_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'symantec-ws_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'pix_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'named_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'smbd_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'vsftpd_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'pure-ftpd_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'proftpd_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'ms_ftpd_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'ftpd_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'hordeimp_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'roundcube_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'wordpress_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'cimserver_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'vpopmail_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'vmpop3d_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'courier_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'web_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'web_appsec_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'apache_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'nginx_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'php_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'mysql_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'postgresql_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'ids_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'squid_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'firewall_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'cisco-ios_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'netscreenfw_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'sonicwall_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'postfix_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'sendmail_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'imapd_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'mailscanner_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'dovecot_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'ms-exchange_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'racoon_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'vpn_concentrator_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'spamd_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'msauth_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'mcafee_av_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'trend-osce_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'ms-se_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'zeus_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'solaris_bsm_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'vmware_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'ms_dhcp_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'asterisk_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'ossec_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'attack_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'openbsd_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'clam_av_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'dropbear_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file:
> 'local_rules.xml'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Total rules enabled: '1310'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: '/etc/mtab'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: '/etc/mnttab'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: '/etc/hosts.deny'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file:
> '/etc/mail/statistics'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: '/etc/random-seed'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: '/etc/adjtime'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: '/etc/httpd/logs'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: '/etc/utmpx'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: '/etc/wtmpx'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: '/etc/cups/certs'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: '/etc/dumpdates'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file:
> '/etc/svc/volatile'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file:
> 'C:\WINDOWS/System32/LogFiles'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Debug'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file:
> 'C:\WINDOWS/WindowsUpdate.log'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file:
> 'C:\WINDOWS/iis6.log'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file:
> 'C:\WINDOWS/system32/wbem/Logs'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file:
> 'C:\WINDOWS/system32/wbem/Repository'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file:
> 'C:\WINDOWS/Prefetch'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file:
> 'C:\WINDOWS/PCHEALTH/HELPCTR/DataColl'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file:
> 'C:\WINDOWS/SoftwareDistribution'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: 'C:\WINDOWS/Temp'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file:
> 'C:\WINDOWS/system32/config'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file:
> 'C:\WINDOWS/system32/spool'
> 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file:
> 'C:\WINDOWS/system32/CatRoot'
> 2015/02/23 23:10:01 ossec-syscheckd(1210): ERROR: Queue
> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> 2015/02/23 23:10:01 ossec-rootcheck(1210): ERROR: Queue
> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> 2015/02/23 23:10:07 ossec-logcollector(1210): ERROR: Queue
> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> 2015/02/23 23:10:07 ossec-logcollector(1211): ERROR: Unable to access queue:
> '/var/ossec/queue/ossec/queue'. Giving up..
> 2015/02/23 23:10:09 ossec-syscheckd(1210): ERROR: Queue
> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> 2015/02/23 23:10:09 ossec-rootcheck(1210): ERROR: Queue
> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> 2015/02/23 23:10:22 ossec-syscheckd(1210): ERROR: Queue
> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> 2015/02/23 23:10:22 ossec-rootcheck(1211): ERROR: Unable to access queue:
> '/var/ossec/queue/ossec/queue'. Giving up..
>
> On Monday, February 23, 2015 at 9:48:45 PM UTC-5, C0nfus1i0n wrote:
>>
>> I restored from an even older backup and OSSEC is back, except I can't get
>> it to start.  Here's what happens when I restart its daemon:
>>
>> 2015/02/23 21:03:22 ossec-syscheckd(1210): ERROR: Queue
>> '/var/ossec/queue/ossec/queue' not accessible: 'Queue not found'.
>> 2015/02/23 21:03:37 ossec-rootcheck(1210): ERROR: Queue
>> '/var/ossec/queue/ossec/queue' not accessible: 'No such file or directory'.
>> 2015/02/23 21:03:48 ossec-syscheckd(1210): ERROR: Queue
>> '/var/ossec/queue/ossec/queue' not accessible: 'Queue not found'.
>> 2015/02/23 21:04:03 ossec-rootcheck(1210): ERROR: Queue
>> '/var/ossec/queue/ossec/queue' not accessible: 'No such file or directory'.
>>
>> How do I fix that?
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
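
The quoted logs show two different failures on the same path: 'No such file or directory' in the earlier run and 'Connection refused' in the later one. As an added example (not part of the original thread and not OSSEC's own code), this Python check tells those states apart and reports the mode and owner asked about above; `probe_queue` is a hypothetical helper, and it assumes the queue is a Unix datagram socket.

```python
import errno
import os
import socket
import stat

QUEUE = "/var/ossec/queue/ossec/queue"  # path taken from the log lines in the thread


def probe_queue(path=QUEUE):
    """Return (state, detail) describing the Unix socket at `path`."""
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        # Matches the 'No such file or directory' errors: nothing created the socket.
        return "missing", "no socket file; the listening daemon never created it"
    except PermissionError:
        return "denied", "cannot traverse a parent directory of the queue"
    meta = "mode=%o uid=%d gid=%d" % (stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    if not stat.S_ISSOCK(st.st_mode):
        return "not-a-socket", meta
    # Assumption: the queue is a datagram (SOCK_DGRAM) Unix socket.
    client = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        client.connect(path)
    except OSError as exc:
        if exc.errno == errno.ECONNREFUSED:
            # Matches 'Connection refused': stale file, no process bound to it.
            return "refused", meta + "; file exists but no process is bound to it"
        if exc.errno == errno.EACCES:
            return "denied", meta + "; caller lacks write permission on the socket"
        return "error", "%s; %s" % (meta, exc.strerror)
    finally:
        client.close()
    return "listening", meta


if __name__ == "__main__":
    state, detail = probe_queue()
    print("%s: %s (%s)" % (QUEUE, state, detail))
```

Run it as the user the failing daemon runs as, since a "denied" result depends on the caller's identity.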
