Hi All, i killed de process and take command "ossec-control start" and the process of remoted stay up. But my agents "Windows" display "never connected" but the port 1514 stay up and with tcpdump i see my agents send logs to server.
strange... Em quarta-feira, 1 de março de 2017 15:37:55 UTC-3, dan (ddpbsd) escreveu: > > On Wed, Mar 1, 2017 at 6:59 AM, Eduardo Reichert Figueiredo > <[email protected] <javascript:>> wrote: > > Port 1514 is already, i received UPD packets (validated with tcpdump), > ossec > > is running (monitord, logcollector, syscheck, analysisd), only remoted > not > > running, but remoted is displayed for port 1514 (netstat -vandup). > > > > Shutdown ossec: > `/var/ossec/bin/ossec-control stop` > > Make sure no processes are still running: > `ps auxww | grep ossec` > > If there are any running processes still, kill them manually. > Try starting OSSEC again: > `/var/ossec/bin/ossec-control start` > > If that doesn't help, can you provide the <remote> configuration? > > > Em quarta-feira, 1 de março de 2017 08:53:21 UTC-3, Eero Volotinen > escreveu: > >> > >> Is something runnin on port 1514 already? or ossec already running? > >> > >> Eero > >> > >> 2017-03-01 13:50 GMT+02:00 Eduardo Reichert Figueiredo > >> <[email protected]>: > >>> > >>> Dear All, > >>> i doing installing ossec server in RHEL 6.8, but just ossec-remoted > not > >>> running, i do troubleshooting with commands bellow: > >>> #gdb /var/ossec-2.9/bin/ossec-remoted > >>> ###RESULT### > >>> <http://www.gnu.org/software/gdb/bugs/>... > >>> Reading symbols from /var/ossec-2.9/bin/ossec-remoted...(no debugging > >>> symbols found)...done. > >>> (gdb) set follow-fork-mode child > >>> (gdb) run -df > >>> Starting program: /var/ossec-2.9/bin/ossec-remoted -df > >>> [Thread debugging using libthread_db enabled] > >>> 2017/03/01 08:36:40 ossec-remoted: DEBUG: Starting ... > >>> 2017/03/01 08:36:40 ossec-remoted: INFO: Started (pid: 88290). > >>> [New process 88293] > >>> 2017/03/01 08:36:40 ossec-remoted: DEBUG: Forking remoted: '1'. > >>> 2017/03/01 08:36:40 ossec-remoted(1206): ERROR: Unable to Bind port > >>> '1514' > >>> [Thread debugging using libthread_db enabled] > >>> 2017/03/01 08:36:40 ossec-remoted: DEBUG: Forking remoted: '0'. > >>> 2017/03/01 08:36:40 ossec-remoted: Remote syslog allowed from: > >>> '0.0.0.0/0' > >>> 2017/03/01 08:36:40 ossec-remoted: Remote syslog allowed from: > >>> '0.0.0.0/0' > >>> 2017/03/01 08:36:40 ossec-remoted(1206): ERROR: Unable to Bind port > >>> '1514' > >>> > >>> Program exited with code 01. > >>> Missing separate debuginfos, use: debuginfo-install > >>> glibc-2.12-1.192.el6.x86_64 keyutils-libs-1.4-5.el6.x86_64 > >>> krb5-libs-1.10.3-57.el6.x86_64 libcom_err-1.41.12-22.el6.x86_64 > >>> libselinux-2.0.94-7.el6.x86_64 openssl-1.0.1e-48.el6_8.4.x86_64 > >>> zlib-1.2.3-29.el6.x86_64 > >>> (gdb) Q > >>> > >>> Can you help me? > >>> > >>> -- > >>> > >>> --- > >>> You received this message because you are subscribed to the Google > Groups > >>> "ossec-list" group. > >>> To unsubscribe from this group and stop receiving emails from it, send > an > >>> email to [email protected]. > >>> For more options, visit https://groups.google.com/d/optout. > >> > >> > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to [email protected] <javascript:>. > > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
