I have tried to install ossec on three different vms and am not able to get it to pick up modifications, additions, deletions of files. I have tried running it on a security onion 14.04 machine and a non security onion machine. I followed the instructions here
https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-ossec-security-notifications-on-ubuntu-14-04 and on two of the machines I am getting this "process XXX not used by ossec, removing" / "ossec-remoted not running" error. Please advise.

martin@martin-VirtualBox:~$ sudo /var/ossec/bin/ossec-control status
[sudo] password for martin:
ossec-monitord is running...
ossec-logcollector is running...
ossec-remoted: Process 1439 not used by ossec, removing ..
ossec-remoted not running...
ossec-syscheckd is running...
ossec-analysisd is running...
ossec-maild not running...
ossec-execd is running...

martin@martin-VirtualBox:~$ gdb /var/ossec/bin/ossec-remoted
GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.2) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
/var/ossec/bin/ossec-remoted: Permission denied.
(gdb)
(gdb) set follow-fork-mode child
(gdb) run -df
Starting program:  -df
No executable file specified.
Use the "file" or "exec-file" command.
(gdb) t
No thread selected
(gdb) bt
No stack.
(gdb)
[1]+  Stopped                 gdb /var/ossec/bin/ossec-remoted

martin@martin-VirtualBox:~$ sudo gdb /var/ossec/bin/ossec-remoted
GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.2) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /var/ossec/bin/ossec-remoted...(no debugging symbols found)...done.
(gdb) set follow-fork-mode child
(gdb) run -df
Starting program: /var/ossec/bin/ossec-remoted -df
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
2016/03/06 12:31:23 ossec-remoted: DEBUG: Starting ...
2016/03/06 12:31:23 ossec-remoted: INFO: Started (pid: 4504).
[New process 4508]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
2016/03/06 12:31:23 ossec-remoted: DEBUG: Forking remoted: '0'.
2016/03/06 12:31:23 ossec-remoted: INFO: Started (pid: 4508).
2016/03/06 12:31:23 ossec-remoted: DEBUG: Running manager_init
[New Thread 0x7ffff6fba700 (LWP 4509)]
[New Thread 0x7ffff67b9700 (LWP 4510)]
2016/03/06 12:31:24 ossec-remoted: INFO: (unix_domain) Maximum send buffer set to: '16777216'.
2016/03/06 12:31:24 ossec-remoted(4111): INFO: Maximum number of agents allowed: '1024'.
2016/03/06 12:31:24 ossec-remoted(1410): INFO: Reading authentication keys file.
2016/03/06 12:31:24 ossec-remoted(1402): ERROR: Authentication key file '/etc/client.keys' not found.
2016/03/06 12:31:24 ossec-remoted(1750): ERROR: No remote connection configured. Exiting.
[Thread 0x7ffff6fba700 (LWP 4509) exited]
[Thread 0x7ffff7fe1740 (LWP 4508) exited]
[Inferior 2 (process 4508) exited with code 01]
(gdb)
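A small parser for the daemon log lines in the gdb session above, added here as an example; it is not part of the original post and not OSSEC's own code. It filters the OSSEC lines out of the gdb chatter, extracts the numeric message codes and the ERROR entries, and pulls the missing key file path out of the 1402 message. The path mapping assumes the default /var/ossec install directory, which the OSSEC daemons chroot into, so the '/etc/client.keys' in the log corresponds to /var/ossec/etc/client.keys on the host. The sample lines are copied from the post.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Matches OSSEC daemon log lines such as
#   2016/03/06 12:31:24 ossec-remoted(1402): ERROR: Authentication key file '/etc/client.keys' not found.
# The numeric message code in parentheses is optional (DEBUG and early INFO lines lack it).
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<daemon>[A-Za-z0-9_-]+)(?:\((?P<code>\d+)\))?: "
    r"(?P<level>DEBUG|INFO|WARN|ERROR|CRITICAL): (?P<msg>.*)$"
)

# Messages of the form "... file '/path' not found" carry the path the daemon looked for.
MISSING_FILE_RE = re.compile(r"file '(?P<path>[^']+)' not found")

# Sample input, copied from the gdb session in the post (gdb's own lines included on purpose).
SAMPLE_LOG = """\
Starting program: /var/ossec/bin/ossec-remoted -df
2016/03/06 12:31:23 ossec-remoted: DEBUG: Starting ...
2016/03/06 12:31:23 ossec-remoted: INFO: Started (pid: 4504).
[New process 4508]
2016/03/06 12:31:23 ossec-remoted: DEBUG: Forking remoted: '0'.
2016/03/06 12:31:23 ossec-remoted: INFO: Started (pid: 4508).
2016/03/06 12:31:23 ossec-remoted: DEBUG: Running manager_init
2016/03/06 12:31:24 ossec-remoted: INFO: (unix_domain) Maximum send buffer set to: '16777216'.
2016/03/06 12:31:24 ossec-remoted(4111): INFO: Maximum number of agents allowed: '1024'.
2016/03/06 12:31:24 ossec-remoted(1410): INFO: Reading authentication keys file.
2016/03/06 12:31:24 ossec-remoted(1402): ERROR: Authentication key file '/etc/client.keys' not found.
2016/03/06 12:31:24 ossec-remoted(1750): ERROR: No remote connection configured. Exiting.
[Inferior 2 (process 4508) exited with code 01]
"""


@dataclass
class LogEntry:
    ts: str
    daemon: str
    code: Optional[int]
    level: str
    msg: str


def parse_line(line: str) -> Optional[LogEntry]:
    """Return a LogEntry for an OSSEC log line, or None for anything else (gdb output etc.)."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    code = m.group("code")
    return LogEntry(
        ts=m.group("ts"),
        daemon=m.group("daemon"),
        code=int(code) if code is not None else None,
        level=m.group("level"),
        msg=m.group("msg"),
    )


def parse_log(text: str) -> List[LogEntry]:
    """Parse a block of mixed output, keeping only the lines OSSEC itself wrote."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def host_path(chroot_path: str, install_dir: str = "/var/ossec") -> str:
    """Map a path logged from inside the OSSEC chroot to the path on the host.

    Assumption: install_dir is the directory the daemon chrooted into
    (the default /var/ossec), so '/etc/client.keys' -> '/var/ossec/etc/client.keys'.
    """
    return install_dir.rstrip("/") + "/" + chroot_path.lstrip("/")


def diagnose(entries: List[LogEntry], install_dir: str = "/var/ossec") -> dict:
    """Summarise why a daemon stopped: error codes, missing files (host paths) and whether it exited."""
    errors = [e for e in entries if e.level in ("ERROR", "CRITICAL")]
    missing = []
    for e in errors:
        m = MISSING_FILE_RE.search(e.msg)
        if m:
            missing.append(host_path(m.group("path"), install_dir))
    return {
        "daemons": sorted({e.daemon for e in entries}),
        "error_codes": [e.code for e in errors],
        "missing_files": missing,
        # OSSEC daemons log "... Exiting." on a fatal error before they stop.
        "exited": any(e.msg.rstrip().endswith("Exiting.") for e in errors),
    }


if __name__ == "__main__":
    report = diagnose(parse_log(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run against the session in the post, the summary reports error codes 1402 and 1750, one missing file (/var/ossec/etc/client.keys on the host) and that remoted exited; on a manager you would then check whether that file exists and is readable by the ossec user, while on a local-only install remoted is not expected to run at all.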
