On Thu, Sep 5, 2013 at 9:48 AM, Gaetan Noel <[email protected]> wrote: > Hello, > > We've been having problems with the ossec-remoted service since a while. > When we would start it it would just stop after a while. At the time I > didn't really have time to work on it so I applied a cron to restart the > service every hour (I know it's bad ;-)). > > Now the service doesn't even start. When I run the following everything > seems ok : > > /var/ossec/bin]# ./ossec-control start > Starting OSSEC HIDS v2.7 (by Trend Micro Inc.)... > 2013/09/05 09:40:56 ossec-csyslogd: DEBUG: Starting ... > Started ossec-csyslogd... > Started ossec-agentlessd... > 2013/09/05 09:40:56 ossec-maild: INFO: E-Mail notification disabled. Clean > Exit. > Started ossec-maild... > Started ossec-execd... > Started ossec-analysisd... > Started ossec-logcollector... > Started ossec-remoted... > Started ossec-syscheckd... > Started ossec-monitord... > Completed. > > But then : > > /var/ossec/bin]# ./ossec-control status > ossec-monitord is running... > ossec-logcollector is running... > ossec-remoted: Process 32500 not used by ossec, removing .. > ossec-remoted not running... > ossec-syscheckd is running... > ossec-analysisd is running... > ossec-maild not running... > ossec-execd not running... > ossec-csyslogd is running... > ossec-agentlessd is running... > > I have tried to enable debug mode but the only thing I get is that : > > /var/ossec/logs]# tail -f -n 100 ossec.log | grep remoted > 2013/09/05 09:26:49 ossec-remoted: DEBUG: Starting ... > 2013/09/05 09:26:50 ossec-remoted: INFO: Started (pid: 30513). > 2013/09/05 09:26:50 ossec-remoted: DEBUG: Forking remoted: '0'. > > And it seems just after the Forking remoted: '0' the service stops without > writing anything in the log. I've looked at a couple of things on Google but > I don't get any good results some are talking about the client.keys file's > permission. I've re-created mine with the same results. > > Anyone has any ideas ? >
Run it in gdb: gdb /var/ossec/bin/ossec-remoted set follow-fork-mode child run -df When it crashes: bt That'd be a start anyhow. > Thanks > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
