Hello Experts,
We are running OSSEC Server 2.8.3 on SUSE 12 SP2 with few agents on Windows
2008 and Linux (SUSE 12 SP1).
When we receive notification emails from Linux agents for example with
Subject:
OSSEC Alert - (xxx-osagt-nat) 10.1.0.188 - Level 14 - Successful sudo to
ROOT executed
But
On Aug 25, 2017 11:32 AM, "Carlos Islas" wrote:
Hi dan,
Sorry, im newbie in that kind of commands. How can i kill the instance?
I usually use `pkill ossec-remoted`
You can also use `ps` to get the pid (or look for the pid in /var/ossec
somewhere) and kill it that
Hi dan,
Sorry, im newbie in that kind of commands. How can i kill the instance?
Regards...
El jueves, 24 de agosto de 2017, 16:19:57 (UTC-5), Carlos Islas escribió:
>
> Hello,
>
> I am having this issue when i execute the command ./ossec-remoted
>
> ossec.log:
>
> 2017/08/24 16:16:22
I have seen this happen on FreeBSD systems using OSSEC 2.8.3. The issue is
usually an inability to write the ar socket, but the error message in the
logs/ossec.log file can be any number of things. It is caused by a
permission issue with the sockets used for the queues, and shows up in both