Hi there guys,
When starting the agent I've get this info:
*Starting ossec-hids: 2016/10/12 15:43:05 ossec-agentd: INFO: Using notify
time: 600 and max time to reconnect: 1800*
2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory given:
'/root'.
2016/10/12 15:43:05
Hi guys
The remote service was not starting, now it up and running, and have to say
that this was pure pain!!
*/var/ossec/bin/ossec-remoted -df*
2016/10/12 09:08:05 ossec-remoted: DEBUG: Starting ...
2016/10/12 09:08:05 ossec-remoted: INFO: Started (pid: 21609).
2016/10/12 09:08:05
On Wed, Oct 12, 2016 at 10:30 AM, Kernel Panic wrote:
> Hi guys
> The remote service was not starting, now it up and running, and have to say
> that this was pure pain!!
>
It would be interesting to find out what happened to your setup to
give you such troubles.
>
Really do not know, just installed it from repo and tried to start the
service.
Thanks
Regards
El martes, 11 de octubre de 2016, 15:22:03 (UTC-3), Kernel Panic escribió:
>
> Hi guys,
> Yes, I've been reading the error on the list, lots of cases and I got it
> too but I run out of idea.
>
>
Hi
Did not modify that file, I I realized some of them were in xml format just
wanted to check
This is what I've get running the services manually with -df
2016/10/12 07:31:20 ossec-syscheckd: DEBUG: Starting ...
2016/10/12 07:31:20 ossec-rootcheck: DEBUG: Starting ...
2016/10/12 07:31:20
After correcting some permission I've got some upgrades but still some
preocess complain about the queue.
/var/ossec/bin/ossec-control status
ossec-monitord is running...
ossec-logcollector is running...
ossec-remoted: Process 15564 not used by ossec, removing ..
ossec-remoted not running...
On Wed, Oct 12, 2016 at 9:09 AM, Kernel Panic wrote:
>
> chmod 777 /var/ossec/queue/ossec/queue
> z77s-tpuppetm01:/var/ossec/logs# /var/ossec/bin/ossec-syscheckd -df
> 2016/10/12 08:09:05 ossec-syscheckd: DEBUG: Starting ...
> 2016/10/12 08:09:05 ossec-rootcheck: DEBUG:
chmod 777 /var/ossec/queue/ossec/queue
z77s-tpuppetm01:/var/ossec/logs# /var/ossec/bin/ossec-syscheckd -df
2016/10/12 08:09:05 ossec-syscheckd: DEBUG: Starting ...
2016/10/12 08:09:05 ossec-rootcheck: DEBUG: Starting ...
2016/10/12 08:09:05 ossec-rootcheck: Starting queue ...
2016/10/12 08:09:08
Hi guys
Well, after fixing lots of permission it seems it's working now:
/var/ossec/bin/ossec-control status
ossec-monitord is running...
ossec-logcollector is running...
ossec-remoted not running...
ossec-syscheckd is running...
ossec-analysisd is running...
ossec-maild is running...
ossec-execd
These are my udp ports:
udp0 0 0.0.0.0:161 0.0.0.0:*
udp0 0 0.0.0.0:82310.0.0.0:*
udp0 0 127.0.0.1:703 0.0.0.0:*
udp0 0 0.0.0.0:51797 0.0.0.0:*
udp0 0 127.0.0.1:3030
On Oct 12, 2016 4:49 PM, "Kernel Panic" wrote:
>
> Hi there guys,
>
> When starting the agent I've get this info:
>
> Starting ossec-hids: 2016/10/12 15:43:05 ossec-agentd: INFO: Using notify
time: 600 and max time to reconnect: 1800
> 2016/10/12 15:43:05
11 matches
Mail list logo