Open jrossi opened 10 years ago
Added to local rules:
Works OK initially, but after making a change to the policy, all monitoring stops and this is listed in ossec.log
2012/07/18 12:28:44 ossec-remoted: socketerr (not available). 2012/07/18 12:28:44 ossec-remoted(1210): ERROR: Queue '/queue/ossec/queue' not accessible: 'Connection refused'. 2012/07/18 12:28:44 ossec-syscheckd: socketerr (not available). 2012/07/18 12:28:44 ossec-syscheckd(1224): ERROR: Error sending message to queue. 2012/07/18 12:28:44 ossec-logcollector: socketerr (not available). 2012/07/18 12:28:44 ossec-logcollector(1224): ERROR: Error sending message to queue. 2012/07/18 12:28:47 ossec-remoted(1210): ERROR: Queue '/queue/ossec/queue' not accessible: 'Connection refused'. 2012/07/18 12:28:47 ossec-remoted(1211): ERROR: Unable to access queue: '/queue/ossec/queue'. Giving up.. 2012/07/18 12:28:47 ossec-syscheckd(1210): ERROR: Queue '/data/ossec/queue/ossec/queue' not accessible: 'Connection refused'. 2012/07/18 12:28:47 ossec-syscheckd(1211): ERROR: Unable to access queue: '/data/ossec/queue/ossec/queue'. Giving up.. 2012/07/18 12:28:47 ossec-logcollector(1210): ERROR: Queue '/data/ossec/queue/ossec/queue' not accessible: 'Connection refused'. 2012/07/18 12:28:47 ossec-logcollector(1211): ERROR: Unable to access queue: '/data/ossec/queue/ossec/queue'. Giving up..
At this point OSSEC has to be restarted.
Note: This issue has been automatically migrated from Bitbucket Created by mstarks01 on 2012-07-18 23:47:49+00:00
Added to local rules:
Works OK initially, but after making a change to the policy, all monitoring stops and this is listed in ossec.log
2012/07/18 12:28:44 ossec-remoted: socketerr (not available). 2012/07/18 12:28:44 ossec-remoted(1210): ERROR: Queue '/queue/ossec/queue' not accessible: 'Connection refused'. 2012/07/18 12:28:44 ossec-syscheckd: socketerr (not available). 2012/07/18 12:28:44 ossec-syscheckd(1224): ERROR: Error sending message to queue. 2012/07/18 12:28:44 ossec-logcollector: socketerr (not available). 2012/07/18 12:28:44 ossec-logcollector(1224): ERROR: Error sending message to queue. 2012/07/18 12:28:47 ossec-remoted(1210): ERROR: Queue '/queue/ossec/queue' not accessible: 'Connection refused'. 2012/07/18 12:28:47 ossec-remoted(1211): ERROR: Unable to access queue: '/queue/ossec/queue'. Giving up.. 2012/07/18 12:28:47 ossec-syscheckd(1210): ERROR: Queue '/data/ossec/queue/ossec/queue' not accessible: 'Connection refused'. 2012/07/18 12:28:47 ossec-syscheckd(1211): ERROR: Unable to access queue: '/data/ossec/queue/ossec/queue'. Giving up.. 2012/07/18 12:28:47 ossec-logcollector(1210): ERROR: Queue '/data/ossec/queue/ossec/queue' not accessible: 'Connection refused'. 2012/07/18 12:28:47 ossec-logcollector(1211): ERROR: Unable to access queue: '/data/ossec/queue/ossec/queue'. Giving up..
At this point OSSEC has to be restarted.
Note: This issue has been automatically migrated from Bitbucket Created by mstarks01 on 2012-07-18 23:47:49+00:00