Hi, my problem was the keys of the agents; now they are OK. Thanks!!

On Saturday, March 4, 2017 at 18:33:43 UTC-3, dan (ddpbsd) wrote:
>
> On Sat, Mar 4, 2017 at 2:36 PM, Eduardo Reichert Figueiredo
> <eduardo....@hotmail.com> wrote:
> > Hi All,
> > I killed the process and ran the command "ossec-control start", and the
> > remoted process stays up.
> > But my "Windows" agents display "never connected", but port 1514 stays up
> > and with tcpdump I see my agents send logs to the server.
> >
> > strange...
> >
>
> Is there anything in the ossec.log on the server?
> If not, try enabling debug on the server and check again:
> `/var/ossec/bin/ossec-control enable debug && /var/ossec/bin/ossec-control restart`
>
> > On Wednesday, March 1, 2017 at 15:37:55 UTC-3, dan (ddpbsd) wrote:
> >>
> >> On Wed, Mar 1, 2017 at 6:59 AM, Eduardo Reichert Figueiredo
> >> <eduardo....@hotmail.com> wrote:
> >> > Port 1514 is already, I received UDP packets (validated with tcpdump),
> >> > ossec is running (monitord, logcollector, syscheck, analysisd), only
> >> > remoted is not running, but remoted is displayed for port 1514
> >> > (netstat -vandup).
> >> >
> >>
> >> Shut down ossec:
> >> `/var/ossec/bin/ossec-control stop`
> >>
> >> Make sure no processes are still running:
> >> `ps auxww | grep ossec`
> >>
> >> If there are any running processes still, kill them manually.
> >> Try starting OSSEC again:
> >> `/var/ossec/bin/ossec-control start`
> >>
> >> If that doesn't help, can you provide the <remote> configuration?
> >>
> >> > On Wednesday, March 1, 2017 at 08:53:21 UTC-3, Eero Volotinen wrote:
> >> >>
> >> >> Is something running on port 1514 already? Or is ossec already running?
> >> >>
> >> >> Eero
> >> >>
> >> >> 2017-03-01 13:50 GMT+02:00 Eduardo Reichert Figueiredo
> >> >> <eduardo....@hotmail.com>:
> >> >>>
> >> >>> Dear All,
> >> >>> I am installing ossec server on RHEL 6.8, but just ossec-remoted is
> >> >>> not running; I did troubleshooting with the commands below:
> >> >>> #gdb /var/ossec-2.9/bin/ossec-remoted
> >> >>> ###RESULT###
> >> >>> <http://www.gnu.org/software/gdb/bugs/>...
> >> >>> Reading symbols from /var/ossec-2.9/bin/ossec-remoted...(no debugging symbols found)...done.
> >> >>> (gdb) set follow-fork-mode child
> >> >>> (gdb) run -df
> >> >>> Starting program: /var/ossec-2.9/bin/ossec-remoted -df
> >> >>> [Thread debugging using libthread_db enabled]
> >> >>> 2017/03/01 08:36:40 ossec-remoted: DEBUG: Starting ...
> >> >>> 2017/03/01 08:36:40 ossec-remoted: INFO: Started (pid: 88290).
> >> >>> [New process 88293]
> >> >>> 2017/03/01 08:36:40 ossec-remoted: DEBUG: Forking remoted: '1'.
> >> >>> 2017/03/01 08:36:40 ossec-remoted(1206): ERROR: Unable to Bind port '1514'
> >> >>> [Thread debugging using libthread_db enabled]
> >> >>> 2017/03/01 08:36:40 ossec-remoted: DEBUG: Forking remoted: '0'.
> >> >>> 2017/03/01 08:36:40 ossec-remoted: Remote syslog allowed from: '0.0.0.0/0'
> >> >>> 2017/03/01 08:36:40 ossec-remoted: Remote syslog allowed from: '0.0.0.0/0'
> >> >>> 2017/03/01 08:36:40 ossec-remoted(1206): ERROR: Unable to Bind port '1514'
> >> >>>
> >> >>> Program exited with code 01.
> >> >>> Missing separate debuginfos, use: debuginfo-install
> >> >>> glibc-2.12-1.192.el6.x86_64 keyutils-libs-1.4-5.el6.x86_64
> >> >>> krb5-libs-1.10.3-57.el6.x86_64 libcom_err-1.41.12-22.el6.x86_64
> >> >>> libselinux-2.0.94-7.el6.x86_64 openssl-1.0.1e-48.el6_8.4.x86_64
> >> >>> zlib-1.2.3-29.el6.x86_64
> >> >>> (gdb) Q
> >> >>>
> >> >>> Can you help me?
> >> >>>
> >> >>> --
> >> >>>
> >> >>> ---
> >> >>> You received this message because you are subscribed to the Google
> >> >>> Groups "ossec-list" group.
> >> >>> To unsubscribe from this group and stop receiving emails from it,
> >> >>> send an email to ossec-list+...@googlegroups.com.
> >> >>> For more options, visit https://groups.google.com/d/optout.
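
The question Eero raises in the thread (is something already bound to port 1514?) can be checked directly. The following Python sketch is an added example, not part of the original messages or of OSSEC: it tries to bind the UDP port the way a second daemon instance would and maps the result to the steps dan gives. The names `probe_udp_bind` and `explain` are hypothetical.

```python
"""Probe whether a UDP port can be bound and classify the failure."""
import errno
import socket


def probe_udp_bind(port, host="0.0.0.0"):
    """Return 'free', 'in_use', 'denied' or 'error:<ERRNO NAME>' for host:port/UDP."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        # SO_REUSEADDR is deliberately not set: the goal is to hit the same
        # conflict that a second process binding this port would hit.
        sock.bind((host, port))
        return "free"
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            return "in_use"
        if exc.errno == errno.EACCES:
            return "denied"
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        # Always release the socket so the probe itself never holds the port.
        sock.close()


def explain(port, status):
    """Map a probe status to the next troubleshooting step from the thread."""
    hints = {
        "free": "nothing holds the port; a bind error must have another cause",
        "in_use": ("port is in use: run 'ossec-control stop', look for "
                   "leftover processes with 'ps auxww | grep ossec', kill "
                   "them, then run 'ossec-control start'"),
        "denied": "the OS refused the bind: check privileges and local policy",
    }
    return "UDP port %d: %s" % (port, hints.get(status, status))


if __name__ == "__main__":
    # 1514 is the port shown in the thread's "Unable to Bind port" errors.
    PORT = 1514
    print(explain(PORT, probe_udp_bind(PORT)))
```

Run it on the server while OSSEC is stopped: `in_use` at that point means some process is still holding the port.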