This should not be happening. Could you include your ossec.conf? Also what os, distro, and version?
Friendly reminder: Remove any passwords before sending ossec.conf to the list. -Jeremy Rossi On Aug 9, 2010, at 8:34 AM, "[email protected]" <[email protected]> wrote: > There is nothing i can see from logs. Please find the process status > > > [r...@xxxxx~]# ps aux |grep ossec > ossecm 8556 0.0 0.0 3148 480 ? S 17:30 0:00 /var/ > ossec/bin/ossec-maild > root 8560 0.0 0.0 1796 424 ? S 17:30 0:00 /var/ > ossec/bin/ossec-execd > ossec 8564 0.1 0.0 4168 1764 ? S 17:30 0:02 /var/ > ossec/bin/ossec-analysisd > root 8568 0.0 0.0 3508 444 ? S 17:30 0:00 /var/ > ossec/bin/ossec-logcollector > ossecr 8574 0.0 0.0 23548 932 ? Sl 17:30 0:01 /var/ > ossec/bin/ossec-remoted > root 8580 0.4 0.0 3036 1628 ? S 17:30 0:08 /var/ > ossec/bin/ossec-syscheckd > ossec 8584 0.0 0.0 2428 464 ? S 17:30 0:00 /var/ > ossec/bin/ossec-monitord > ossecm 9158 0.0 0.0 0 0 ? Z 17:59 0:00 [ossec- > maild] <defunct> > ossecm 9159 0.0 0.0 0 0 ? Z 17:59 0:00 [ossec- > maild] <defunct> > ossecm 9160 0.0 0.0 0 0 ? Z 17:59 0:00 [ossec- > maild] <defunct> > ossecm 9161 0.0 0.0 0 0 ? Z 17:59 0:00 [ossec- > maild] <defunct> > ossecm 9162 0.0 0.0 0 0 ? Z 17:59 0:00 [ossec- > maild] <defunct> > ossecm 9163 0.0 0.0 0 0 ? Z 17:59 0:00 [ossec- > maild] <defunct> > ossecm 9164 0.0 0.0 0 0 ? Z 17:59 0:00 [ossec- > maild] <defunct> > root 9166 0.0 0.0 5232 624 pts/0 R+ 18:00 0:00 grep > ossec > > Regards, > Anoop Moahn
