I want to report that I also upgraded our OSSEC server to 2.5 today and I similarly got
[r...@wiggum logs]# service ossec status
ossec-monitord is running...
ossec-logcollector: Process 28337 not used by ossec, removing ..
ossec-logcollector not running...
ossec-remoted is running...
ossec-syscheckd is running...
ossec-analysisd is running...
ossec-maild is running...
ossec-execd is running...
ossec-dbd not running...
[r...@wiggum logs]#

The claim that ossec-logcollector is not running is false as evidenced by the fact that ossec-logcollector is showing "Analyzing file" activity in /var/ossec/logs/ossec.log both on "service ossec restart" and on running ossec-logcollector in debug mode. In addition, the WUI (web) interface of the OSSEC server shows a continuous and up to date stream of alerts.

I believe that ossec-logcollector is merrily running although "ps ax | grep ossec" fails to show it as running.

In other words, you have a bug report on your hands.

On Sep 28, 3:27 pm, Jason 'XenoPhage' Frisvold <[email protected]> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 09/28/2010 02:30 PM, dan (ddp) wrote:
>
> > How did you enable debugging? Try adding -d to the command
> > ('/var/ossec/bin/ossec-logcollector -d' or whatever).
>
> > But it should continue running, and hopefully pick up all logfiles
> > along the way.
>
> It was apparently a bug. Lord Cid fixed it up in today's snapshot.
> Presumably there will be a v2.5.1 sometime soon as I'm apparently not
> the only one who got bit..
>
> - --
> - ---------------------------
> Jason 'XenoPhage' Frisvold
> [email protected]
> - ---------------------------
> "Any sufficiently advanced magic is indistinguishable from technology."
> - - Niven's Inverse of Clarke's Third Law
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.14 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkyiQbgACgkQ8CjzPZyTUTQYmACbB8XcELigVnEPclC+s/xSX+Q7
> ghYAoIlo/w69DCkJLAw6BxJi4tbZ80tr
> =HnyK
> -----END PGP SIGNATURE-----
