thanks, Dan I've now disabled it in the control script. @Michael: hmm no, I've always the following warnings during a restart of ossec:
2015/07/10 18:52:09 ossec-remoted: DEBUG: Starting ... 2015/07/10 18:52:09 ossec-remoted: INFO: Started (pid: 11943). 2015/07/10 18:52:09 ossec-remoted: DEBUG: Forking remoted: '0'. 2015/07/10 18:52:09 ossec-remoted: INFO: Started (pid: 11944). 2015/07/10 18:52:09 ossec-remoted: DEBUG: Running manager_init 2015/07/10 18:52:10 ossec-remoted: INFO: (unix_domain) Maximum send buffer set to: '124928'. 2015/07/10 18:52:10 ossec-remoted(4111): INFO: Maximum number of agents allowed: '256'. 2015/07/10 18:52:10 ossec-remoted(1410): INFO: Reading authentication keys file. 2015/07/10 18:52:10 ossec-remoted(1402): ERROR: Authentication key file '/etc/client.keys' not found. 2015/07/10 18:52:10 ossec-remoted(1750): ERROR: No remote connection configured. Exiting. Am Montag, 13. Juli 2015 18:37:46 UTC+2 schrieb dan (ddpbsd): > > You can try removing it from the ossec-control script > On Jul 13, 2015 12:30 PM, "theresa mic-snare" <[email protected] > <javascript:>> wrote: > >> Hi, >> >> any ideas on how to disable ossec-remoted (at least tempoarily until I >> have also agents configured) >> >> thanks, >> theresa >> >> Am Freitag, 10. Juli 2015 23:12:33 UTC+2 schrieb theresa mic-snare: >>> >>> hiya, >>> >>> it's me again. i promise this will be the last question, at least for >>> this week ;) >>> >>> alright, i understand this might sound daft to you. but is there a way >>> to disable the remoted process in ossec? i accidentally installed the >>> server version, whereas the local installation would have just been >>> sufficient as i only really want to monitor one server. >>> i thought i would just disable or uncomment the <remote></remote> part >>> in the ossec.conf and would just restart it. >>> >>> <!-- >>> <remote> >>> <connection>secure</connection> >>> </remote> >>> --> >>> >>> >>> just like that. >>> >>> but unfortunately, after restarting ossec the ossec-remoted process just >>> seems to be started again... >>> >>> 2015/07/10 18:52:09 ossec-remoted: DEBUG: Starting ... >>> 2015/07/10 18:52:09 ossec-remoted: INFO: Started (pid: 11943). >>> 2015/07/10 18:52:09 ossec-remoted: DEBUG: Forking remoted: '0'. >>> 2015/07/10 18:52:09 ossec-remoted: INFO: Started (pid: 11944). >>> 2015/07/10 18:52:09 ossec-remoted: DEBUG: Running manager_init >>> 2015/07/10 18:52:10 ossec-remoted: INFO: (unix_domain) Maximum send >>> buffer set to: '124928'. >>> 2015/07/10 18:52:10 ossec-remoted(4111): INFO: Maximum number of agents >>> allowed: '256'. >>> 2015/07/10 18:52:10 ossec-remoted(1410): INFO: Reading authentication >>> keys file. >>> 2015/07/10 18:52:10 ossec-remoted(1402): ERROR: Authentication key file >>> '/etc/client.keys' not found. >>> 2015/07/10 18:52:10 ossec-remoted(1750): ERROR: No remote connection >>> configured. Exiting. >>> 2015/07/10 19:04:00 ossec-remoted: DEBUG: Starting ... >>> 2015/07/10 19:16:02 ossec-remoted: DEBUG: Starting ... >>> >>> >>> is there a way to stop this? how can i disable it so that it doesn't get >>> started in the first place? >>> >>> i'd hate to re-install, after feeling so comfortable with my current >>> setup right now. and i'd just like to temporarily disable/deactive it so >>> that i could come back and enable the remoted in the near future (taking >>> the next steps and adding agents). >>> >>> >>> really sorry if this sounds stupid, but i couldn't find an answer to >>> this..neither in the docs nor in the interwebs... >>> >>> thanks, >>> theresa >>> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> For more options, visit https://groups.google.com/d/optout. >> > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
