On Tue, Sep 22, 2015 at 4:56 AM, Matt Hickie <[email protected]> wrote:
> Running into an issue with ossec-remoted not running. Setup had been
> working for over a couple of months and now the remoted process just seems
> to die. This is running on AWS linux
>
> Enabled debug with gdb.
>
> /var/ossec/bin/ossec-control enable debug
> /var/ossec/bin/ossec-control restart
>
> ran ossec-remoted in gdb. Below is output.
>
> Any help would be greatly appreciated. I am a bit worried I have exceeded
> the max agents. It should not be that many >256 yet and was hoping to see
> something from the gdb.
>
If there are more than 256, did you recompile with support for more agents?
Are there any log messages in the ossec.log related to remoted?

> Thanks!
>
> gdb output
> ------------------------
> gdb /var/ossec/bin/ossec-remoted
> GNU gdb (GDB) Amazon Linux (7.6.1-51.27.amzn1)
> Copyright (C) 2013 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later
> <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law. Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-amazon-linux-gnu".
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>...
> Reading symbols from /var/ossec/bin/ossec-remoted...Reading symbols from
> /usr/lib/debug/var/ossec/bin/ossec-remoted.debug...
> warning: Skipping deprecated .gdb_index section in
> /usr/lib/debug/var/ossec/bin/ossec-remoted.debug.
> Do "set use-deprecated-index-sections on" before the file is read
> to use the section anyway.
> done.
> done.
> (gdb) set follow-fork-mode child
> (gdb) run
> Starting program: /var/ossec/bin/ossec-remoted
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
> 2015/09/21 23:05:34 ossec-remoted: DEBUG: Starting ...
> [New process 7230]
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
> [New process 7231]
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
> [New process 7232]
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
> [New Thread 0x7ffff75f2700 (LWP 7233)]
> [New Thread 0x7ffff6df1700 (LWP 7234)]
> [Thread 0x7ffff6df1700 (LWP 7234) exited]
> [Thread 0x7ffff75f2700 (LWP 7233) exited]
> [Inferior 4 (process 7232) exited with code 01]
> (gdb)
>

Did you run any other commands to try and get any more info?

> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
