Re: [ossec-list] ossec-remoted not running

2017-03-06 Thread Eduardo Reichert Figueiredo
Hi,
my problem was the keys of the agents; they are OK now.

Thanks!!


-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ossec-list] ossec-remoted not running

2017-03-04 Thread dan (ddp)
On Sat, Mar 4, 2017 at 2:36 PM, Eduardo Reichert Figueiredo wrote:
> Hi All,
> I killed the process and ran the command "ossec-control start", and the
> remoted process stays up.
> But my "Windows" agents display "never connected", but port 1514 stays up
> and with tcpdump I see my agents sending logs to the server.
>
> strange...
>

Is there anything in the ossec.log on the server?
If not, try enabling debug on the server and check again:
`/var/ossec/bin/ossec-control enable debug &&
/var/ossec/bin/ossec-control restart`



Re: [ossec-list] ossec-remoted not running

2017-03-04 Thread Eduardo Reichert Figueiredo
Hi All,
I killed the process and ran the command "ossec-control start", and the
remoted process stays up.
But my "Windows" agents display "never connected", but port 1514 stays up
and with tcpdump I see my agents sending logs to the server.

strange...



Re: [ossec-list] ossec-remoted not running

2017-03-01 Thread dan (ddp)
On Wed, Mar 1, 2017 at 6:59 AM, Eduardo Reichert Figueiredo wrote:
> Port 1514 is already, I received UDP packets (validated with tcpdump), ossec
> is running (monitord, logcollector, syscheck, analysisd), only remoted is not
> running, but remoted is displayed for port 1514 (netstat -vandup).
>

Shutdown ossec:
`/var/ossec/bin/ossec-control stop`

Make sure no processes are still running:
`ps auxww | grep ossec`

If there are any running processes still, kill them manually.
Try starting OSSEC again:
`/var/ossec/bin/ossec-control start`

If that doesn't help, can you provide the  configuration?



Re: [ossec-list] ossec-remoted not running

2017-03-01 Thread Eduardo Reichert Figueiredo
Port 1514 is already, I received UDP packets (validated with tcpdump),
ossec is running (monitord, logcollector, syscheck, analysisd), only
remoted is not running, but remoted is displayed for port 1514 (netstat
-vandup).



Re: [ossec-list] ossec-remoted not running

2017-03-01 Thread Eero Volotinen
Is something running on port 1514 already? Or is ossec already running?

Eero

2017-03-01 13:50 GMT+02:00 Eduardo Reichert Figueiredo <
eduardo.reich...@hotmail.com>:

> Dear All,
> I am installing an OSSEC server on RHEL 6.8, but only ossec-remoted is not
> running. I did some troubleshooting with the commands below:
> #gdb /var/ossec-2.9/bin/ossec-remoted
> ###RESULT###
> ...
> Reading symbols from /var/ossec-2.9/bin/ossec-remoted...(no debugging symbols found)...done.
> (gdb) set follow-fork-mode child
> (gdb) run -df
> Starting program: /var/ossec-2.9/bin/ossec-remoted -df
> [Thread debugging using libthread_db enabled]
> 2017/03/01 08:36:40 ossec-remoted: DEBUG: Starting ...
> 2017/03/01 08:36:40 ossec-remoted: INFO: Started (pid: 88290).
> [New process 88293]
> 2017/03/01 08:36:40 ossec-remoted: DEBUG: Forking remoted: '1'.
> 2017/03/01 08:36:40 ossec-remoted(1206): ERROR: Unable to Bind port '1514'
> [Thread debugging using libthread_db enabled]
> 2017/03/01 08:36:40 ossec-remoted: DEBUG: Forking remoted: '0'.
> 2017/03/01 08:36:40 ossec-remoted: Remote syslog allowed from: '0.0.0.0/0'
> 2017/03/01 08:36:40 ossec-remoted: Remote syslog allowed from: '0.0.0.0/0'
> *2017/03/01 08:36:40 ossec-remoted(1206): ERROR: Unable to Bind port '1514'*
>
> Program exited with code 01.
> Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.192.el6.x86_64 keyutils-libs-1.4-5.el6.x86_64 krb5-libs-1.10.3-57.el6.x86_64 libcom_err-1.41.12-22.el6.x86_64 libselinux-2.0.94-7.el6.x86_64 openssl-1.0.1e-48.el6_8.4.x86_64 zlib-1.2.3-29.el6.x86_64
> (gdb) Q
>
> Can you help me?


Re: [ossec-list] ossec-remoted not running

2015-09-24 Thread Matt Hickie
Hi Dan - thanks for the reply.

Further research showed the /var/ossec/queue ownership as root:ossec.  

I changed this to ossec:ossec.  I left the permissions at 750.

Time to change my puppet scripts and rebake the image.  It is a mystery how 
it ever worked with settings like this.

Again - Thanks!
Matt



Re: [ossec-list] ossec-remoted not running

2015-09-22 Thread dan (ddp)
On Tue, Sep 22, 2015 at 4:56 AM, Matt Hickie wrote:
> Running into an issue with ossec-remoted not running.  Setup had been
> working for over a couple of months and now the remoted process just seems
> to die.  This is running on AWS linux
>
> Enabled debug with gdb.
>
> /var/ossec/bin/ossec-control enable debug
> /var/ossec/bin/ossec-control restart
>
> ran ossec-remoted in gdb. Below is output.
>
> Any help would be greatly appreciated. I am a bit worried I have exceeded
> the max agents.  It should not be that many >256 yet and was hoping to see
> something from the gdb.
>

If there are more than 256, did you recompile with support for more
agents? Are there any log messages in the ossec.log related to
remoted?

> Thanks!
>
> gdb output
> 
> gdb /var/ossec/bin/ossec-remoted
> GNU gdb (GDB) Amazon Linux (7.6.1-51.27.amzn1)
> Copyright (C) 2013 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later
> 
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-amazon-linux-gnu".
> For bug reporting instructions, please see:
> ...
> Reading symbols from /var/ossec/bin/ossec-remoted...Reading symbols from
> /usr/lib/debug/var/ossec/bin/ossec-remoted.debug...
> warning: Skipping deprecated .gdb_index section in
> /usr/lib/debug/var/ossec/bin/ossec-remoted.debug.
> Do "set use-deprecated-index-sections on" before the file is read
> to use the section anyway.
> done.
> done.
> (gdb) set follow-fork-mode child
> (gdb) run
> Starting program: /var/ossec/bin/ossec-remoted
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
> 2015/09/21 23:05:34 ossec-remoted: DEBUG: Starting ...
> [New process 7230]
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
> [New process 7231]
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
> [New process 7232]
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
> [New Thread 0x775f2700 (LWP 7233)]
> [New Thread 0x76df1700 (LWP 7234)]
> [Thread 0x76df1700 (LWP 7234) exited]
> [Thread 0x775f2700 (LWP 7233) exited]
> [Inferior 4 (process 7232) exited with code 01]
> (gdb)
>

Did you run any other commands to try and get any more info?
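
The checks behind the fixes reported in the two threads on this page, as an added shell example that is not part of the original posts: it reads the bind failure out of ossec.log text, looks up what holds the UDP port in saved `netstat -anup` output, and compares a directory's ownership and mode with expected values. The function names and the assumed netstat column layout are this example's own; the ownership values in the usage comment are the ones Matt Hickie reported for /var/ossec/queue.

```shell
#!/bin/sh
# Added example (not from the thread): offline triage helpers for
# "ossec-remoted not running". Inputs are text captured on the server;
# the parsing rules are assumptions about that output.

# Print the ports named in remoted bind failures, reading ossec.log text on stdin.
bind_error_ports() {
    sed -n "s/.*ossec-remoted([0-9]*): ERROR: Unable to Bind port '\([0-9]*\)'.*/\1/p" | sort -u
}

# Print "PID/program" for each socket bound to UDP port $1, reading
# `netstat -anup` output on stdin. No output means nothing holds the port.
udp_port_owner() {
    awk -v port="$1" '$1 ~ /^udp/ && $4 ~ (":" port "$") { print $NF }'
}

# Explain a bind failure. $1 = file with ossec.log text, $2 = file with
# netstat output taken while remoted was reported as not running.
diagnose_bind() {
    ports=$(bind_error_ports < "$1")
    [ -n "$ports" ] || { echo "no bind error logged"; return 0; }
    for port in $ports; do
        owner=$(udp_port_owner "$port" < "$2" | head -n 1)
        case "$owner" in
            "")              echo "udp/$port: free now, start OSSEC again" ;;
            -)               echo "udp/$port: in use, owner hidden (rerun netstat as root)" ;;
            */ossec-remoted) echo "udp/$port: stale ossec-remoted (pid ${owner%%/*}), stop OSSEC and kill it before starting" ;;
            *)               echo "udp/$port: held by $owner, not by OSSEC" ;;
        esac
    done
}

# Compare a directory's owner, group and mode with expected values.
# $1 = path, $2 = owner:group, $3 = octal mode. Uses GNU stat syntax.
check_owner() {
    have=$(stat -c '%U:%G %a' "$1") || return 2
    if [ "$have" = "$2 $3" ]; then
        echo ok
    else
        echo "mismatch: $1 is '$have', expected '$2 $3'"
        return 1
    fi
}

# Live use on the server, as root:
#   netstat -anup > /tmp/netstat.txt
#   diagnose_bind /var/ossec/logs/ossec.log /tmp/netstat.txt
#   check_owner /var/ossec/queue ossec:ossec 750
```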
