On Tue, Feb 24, 2015 at 9:24 PM, 'C0nfus1i0n' via ossec-list <[email protected]> wrote: > While researching a build error in another application, i found a solution > to my compile problems! > > sudo apt-get purge libc6-dev > sudo apt-get install libc6-dev >
Just where I said it was. :-) > On Tuesday, February 24, 2015 at 6:58:31 PM UTC-5, dan (ddpbsd) wrote: >> >> >> On Feb 24, 2015 6:48 PM, "'C0nfus1i0n' via ossec-list" >> <[email protected]> wrote: >> > >> > ossec.log only shows that one set of errors (posted in my previous >> > reply). >> > >> > Output of `/var/ossec/bin/ossec-logtest -t`: >> > >> > 2015/02/24 18:39:06 ossec-testrule: INFO: Reading local decoder file. >> > >> >> Try an upgrade installation. >> >> > On Tuesday, February 24, 2015 at 4:12:57 PM UTC-5, dan (ddpbsd) wrote: >> >> >> >> >> >> On Feb 24, 2015 4:06 PM, "'C0nfus1i0n' via ossec-list" >> >> <[email protected]> wrote: >> >> > >> >> > The current error is: >> >> > >> >> > 2015/02/24 15:50:18 ossec-syscheckd(1210): ERROR: Queue >> >> > '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >> >> > 2015/02/24 15:50:18 ossec-rootcheck(1210): ERROR: Queue >> >> > '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >> >> > 2015/02/24 15:50:24 ossec-logcollector(1210): ERROR: Queue >> >> > '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >> >> > 2015/02/24 15:50:24 ossec-logcollector(1211): ERROR: Unable to access >> >> > queue: '/var/ossec/queue/ossec/queue'. Giving up.. >> >> > 2015/02/24 15:50:26 ossec-syscheckd(1210): ERROR: Queue >> >> > '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >> >> > 2015/02/24 15:50:26 ossec-rootcheck(1210): ERROR: Queue >> >> > '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >> >> > 2015/02/24 15:50:39 ossec-syscheckd(1210): ERROR: Queue >> >> > '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'. >> >> > 2015/02/24 15:50:39 ossec-rootcheck(1211): ERROR: Unable to access >> >> > queue: '/var/ossec/queue/ossec/queue'. Giving up.. >> >> > >> >> > The permissions of /var/ossec/queue/ossec/queue are: >> >> > >> >> > root@server:~# ls -al /var/ossec/queue/ossec/queue >> >> > total 8 >> >> > drwxr-x--- 2 ossec ossec 4096 Feb 23 22:23 . >> >> > drwxrwx--- 3 ossec ossec 4096 Feb 23 22:23 .. >> >> > >> >> > The output of /var/ossec/bin/ossec-control status is: >> >> > >> >> > ossec-monitord not running... >> >> > ossec-logcollector: Process 59577 not used by ossec, removing .. >> >> > ossec-logcollector not running... >> >> > ossec-remoted not running... >> >> > ossec-syscheckd not running... >> >> > ossec-analysisd: Process 59573 not used by ossec, removing .. >> >> > ossec-analysisd not running... >> >> > ossec-maild not running... >> >> > ossec-execd is running... >> >> > >> >> >> >> Ok, so it looks like your processes aren't starting up properly. Did >> >> you check the ossec.log? >> >> Run: `/var/ossec/bin/ossec-logtest -t` >> >> >> >> > >> >> > On Tuesday, February 24, 2015 at 8:39:58 AM UTC-5, dan (ddpbsd) >> >> > wrote: >> >> >> >> >> >> On Mon, Feb 23, 2015 at 11:13 PM, 'C0nfus1i0n' via ossec-list >> >> >> <[email protected]> wrote: >> >> >> > I managed to get rid of the other error messages. Now only the >> >> >> > first few >> >> >> > remain. Here's my ossec.log: >> >> >> > >> >> >> >> >> >> You've posted a couple of messages with errors, which ones are >> >> >> giving >> >> >> you issues now? >> >> >> What are the permissions of /var/ossec/queue/ossec/queue? >> >> >> If you run `/var/ossec/bin/ossec-control status` what is the output? >> >> >> >> >> >> > 2015/02/23 23:09:57 ossec-execd(1314): INFO: Shutdown received. >> >> >> > Deleting >> >> >> > responses. >> >> >> > 2015/02/23 23:09:57 ossec-execd(1225): INFO: SIGNAL Received. Exit >> >> >> > Cleaning... >> >> >> > 2015/02/23 23:09:58 ossec-testrule: INFO: Reading local decoder >> >> >> > file. >> >> >> > 2015/02/23 23:09:58 ossec-testrule: INFO: Started (pid: 15869). >> >> >> > 2015/02/23 23:09:58 ossec-execd: INFO: Started (pid: 15892). >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading local decoder >> >> >> > file. >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'rules_config.xml' >> >> >> > 2015/02/23 23:09:58 ossec-remoted: INFO: Started (pid: 15904). >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'pam_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-remoted: Remote syslog allowed from: >> >> >> > '127.0.0.1' >> >> >> > 2015/02/23 23:09:58 ossec-remoted: Remote syslog allowed from: >> >> >> > '192.95.30.10' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'sshd_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'telnetd_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'syslog_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'arpwatch_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'symantec-av_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'symantec-ws_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'pix_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'named_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'smbd_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'vsftpd_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'pure-ftpd_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'proftpd_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'ms_ftpd_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'ftpd_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'hordeimp_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'roundcube_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'wordpress_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'cimserver_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'vpopmail_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'vmpop3d_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'courier_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'web_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'web_appsec_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'apache_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'nginx_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'php_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'mysql_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'postgresql_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'ids_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'squid_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'firewall_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'cisco-ios_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'netscreenfw_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'sonicwall_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'postfix_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'sendmail_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'imapd_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'mailscanner_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'dovecot_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'ms-exchange_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'racoon_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'vpn_concentrator_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'spamd_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'msauth_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'mcafee_av_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'trend-osce_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'ms-se_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'zeus_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'solaris_bsm_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'vmware_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'ms_dhcp_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'asterisk_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'ossec_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'attack_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'openbsd_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'clam_av_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'dropbear_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Reading rules file: >> >> >> > 'local_rules.xml' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Total rules enabled: >> >> >> > '1310' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: >> >> >> > '/etc/mtab' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: >> >> >> > '/etc/mnttab' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: >> >> >> > '/etc/hosts.deny' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: >> >> >> > '/etc/mail/statistics' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: >> >> >> > '/etc/random-seed' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: >> >> >> > '/etc/adjtime' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: >> >> >> > '/etc/httpd/logs' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: >> >> >> > '/etc/utmpx' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: >> >> >> > '/etc/wtmpx' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: >> >> >> > '/etc/cups/certs' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: >> >> >> > '/etc/dumpdates' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: >> >> >> > '/etc/svc/volatile' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: >> >> >> > 'C:\WINDOWS/System32/LogFiles' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: >> >> >> > 'C:\WINDOWS/Debug' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: >> >> >> > 'C:\WINDOWS/WindowsUpdate.log' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: >> >> >> > 'C:\WINDOWS/iis6.log' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: >> >> >> > 'C:\WINDOWS/system32/wbem/Logs' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: >> >> >> > 'C:\WINDOWS/system32/wbem/Repository' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: >> >> >> > 'C:\WINDOWS/Prefetch' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: >> >> >> > 'C:\WINDOWS/PCHEALTH/HELPCTR/DataColl' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: >> >> >> > 'C:\WINDOWS/SoftwareDistribution' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: >> >> >> > 'C:\WINDOWS/Temp' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: >> >> >> > 'C:\WINDOWS/system32/config' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: >> >> >> > 'C:\WINDOWS/system32/spool' >> >> >> > 2015/02/23 23:09:58 ossec-analysisd: INFO: Ignoring file: >> >> >> > 'C:\WINDOWS/system32/CatRoot' >> >> >> > 2015/02/23 23:10:01 ossec-syscheckd(1210): ERROR: Queue >> >> >> > '/var/ossec/queue/ossec/queue' not accessible: 'Connection >> >> >> > refused'. >> >> >> > 2015/02/23 23:10:01 ossec-rootcheck(1210): ERROR: Queue >> >> >> > '/var/ossec/queue/ossec/queue' not accessible: 'Connection >> >> >> > refused'. >> >> >> > 2015/02/23 23:10:07 ossec-logcollector(1210): ERROR: Queue >> >> >> > '/var/ossec/queue/ossec/queue' not accessible: 'Connection >> >> >> > refused'. >> >> >> > 2015/02/23 23:10:07 ossec-logcollector(1211): ERROR: Unable to >> >> >> > access queue: >> >> >> > '/var/ossec/queue/ossec/queue'. Giving up.. >> >> >> > 2015/02/23 23:10:09 ossec-syscheckd(1210): ERROR: Queue >> >> >> > '/var/ossec/queue/ossec/queue' not accessible: 'Connection >> >> >> > refused'. >> >> >> > 2015/02/23 23:10:09 ossec-rootcheck(1210): ERROR: Queue >> >> >> > '/var/ossec/queue/ossec/queue' not accessible: 'Connection >> >> >> > refused'. >> >> >> > 2015/02/23 23:10:22 ossec-syscheckd(1210): ERROR: Queue >> >> >> > '/var/ossec/queue/ossec/queue' not accessible: 'Connection >> >> >> > refused'. >> >> >> > 2015/02/23 23:10:22 ossec-rootcheck(1211): ERROR: Unable to access >> >> >> > queue: >> >> >> > '/var/ossec/queue/ossec/queue'. Giving up.. >> >> >> > >> >> >> > On Monday, February 23, 2015 at 9:48:45 PM UTC-5, C0nfus1i0n >> >> >> > wrote: >> >> >> >> >> >> >> >> I restored from an even older backup and OSSEC is back, except i >> >> >> >> can't get >> >> >> >> it to start. Here's what happens when i restart its daemon: >> >> >> >> >> >> >> >> 2015/02/23 21:03:22 ossec-syscheckd(1210): ERROR: Queue >> >> >> >> '/var/ossec/queue/ossec/ >> >> >> >> queue' not accessible: 'Queue not found'. >> >> >> >> 2015/02/23 21:03:37 ossec-rootcheck(1210): ERROR: Queue >> >> >> >> '/var/ossec/queue/ossec/ >> >> >> >> queue' not accessible: 'No such file or directory'. >> >> >> >> 2015/02/23 21:03:48 ossec-syscheckd(1210): ERROR: Queue >> >> >> >> '/var/ossec/queue/ossec/ >> >> >> >> queue' not accessible: 'Queue not found'. >> >> >> >> 2015/02/23 21:04:03 ossec-rootcheck(1210): ERROR: Queue >> >> >> >> '/var/ossec/queue/ossec/ >> >> >> >> queue' not accessible: 'No such file or directory'. >> >> >> >> >> >> >> >> How do i fix that? >> >> >> > >> >> >> > -- >> >> >> > >> >> >> > --- >> >> >> > You received this message because you are subscribed to the Google >> >> >> > Groups >> >> >> > "ossec-list" group. >> >> >> > To unsubscribe from this group and stop receiving emails from it, >> >> >> > send an >> >> >> > email to [email protected]. >> >> >> > For more options, visit https://groups.google.com/d/optout. >> >> > >> >> > -- >> >> > >> >> > --- >> >> > You received this message because you are subscribed to the Google >> >> > Groups "ossec-list" group. >> >> > To unsubscribe from this group and stop receiving emails from it, >> >> > send an email to [email protected]. >> >> > For more options, visit https://groups.google.com/d/optout. >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> > Groups "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an email to [email protected]. >> > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
