On Fri, Oct 8, 2010 at 6:48 PM, blacklight <[email protected]> wrote: > I want to report that I also upgraded our OSSEC server to 2.5 today > and I similarly got > > [r...@wiggum logs]# service ossec status > ossec-monitord is running... > ossec-logcollector: Process 28337 not used by ossec, removing .. > ossec-logcollector not running... > ossec-remoted is running... > ossec-syscheckd is running... > ossec-analysisd is running... > ossec-maild is running... > ossec-execd is running... > ossec-dbd not running... > [r...@wiggum logs]# > > The claim that ossec-logcollector is not running is false as evidenced > by the fact that ossec-logcollector is showing "Analyzing file" > activity in /var/ossec/logs/ossec.log both on "service ossec restart" > and on running ossec-logcollector in debug mode. In addition, the WUI > (web) interface of the OSSEC server shows a continuous and up to date > stream of alerts. > > I believe that ossec-logcollector is merrily running although "ps ax | > grep ossec" fails to show it as running. In other words, you have a > bug report on your hands. > >
I'd be hesitant to think ossec processes are running if you can't find them with ps. Anything interesting in the ossec.log?
