On Sat, Mar 4, 2017 at 2:36 PM, Eduardo Reichert Figueiredo <[email protected]> wrote: > Hi All, > i killed de process and take command "ossec-control start" and the process > of remoted stay up. > But my agents "Windows" display "never connected" but the port 1514 stay up > and with tcpdump i see my agents send logs to server. > > strange... >
Is there anything in the ossec.log on the server? If not, try enabling debug on the server and check again: `/var/ossec/bin/ossec-control enable debug && /var/ossec/bin/ossec-control restart` > Em quarta-feira, 1 de março de 2017 15:37:55 UTC-3, dan (ddpbsd) escreveu: >> >> On Wed, Mar 1, 2017 at 6:59 AM, Eduardo Reichert Figueiredo >> <[email protected]> wrote: >> > Port 1514 is already, i received UPD packets (validated with tcpdump), >> > ossec >> > is running (monitord, logcollector, syscheck, analysisd), only remoted >> > not >> > running, but remoted is displayed for port 1514 (netstat -vandup). >> > >> >> Shutdown ossec: >> `/var/ossec/bin/ossec-control stop` >> >> Make sure no processes are still running: >> `ps auxww | grep ossec` >> >> If there are any running processes still, kill them manually. >> Try starting OSSEC again: >> `/var/ossec/bin/ossec-control start` >> >> If that doesn't help, can you provide the <remote> configuration? >> >> > Em quarta-feira, 1 de março de 2017 08:53:21 UTC-3, Eero Volotinen >> > escreveu: >> >> >> >> Is something runnin on port 1514 already? or ossec already running? >> >> >> >> Eero >> >> >> >> 2017-03-01 13:50 GMT+02:00 Eduardo Reichert Figueiredo >> >> <[email protected]>: >> >>> >> >>> Dear All, >> >>> i doing installing ossec server in RHEL 6.8, but just ossec-remoted >> >>> not >> >>> running, i do troubleshooting with commands bellow: >> >>> #gdb /var/ossec-2.9/bin/ossec-remoted >> >>> ###RESULT### >> >>> <http://www.gnu.org/software/gdb/bugs/>... >> >>> Reading symbols from /var/ossec-2.9/bin/ossec-remoted...(no debugging >> >>> symbols found)...done. >> >>> (gdb) set follow-fork-mode child >> >>> (gdb) run -df >> >>> Starting program: /var/ossec-2.9/bin/ossec-remoted -df >> >>> [Thread debugging using libthread_db enabled] >> >>> 2017/03/01 08:36:40 ossec-remoted: DEBUG: Starting ... >> >>> 2017/03/01 08:36:40 ossec-remoted: INFO: Started (pid: 88290). >> >>> [New process 88293] >> >>> 2017/03/01 08:36:40 ossec-remoted: DEBUG: Forking remoted: '1'. >> >>> 2017/03/01 08:36:40 ossec-remoted(1206): ERROR: Unable to Bind port >> >>> '1514' >> >>> [Thread debugging using libthread_db enabled] >> >>> 2017/03/01 08:36:40 ossec-remoted: DEBUG: Forking remoted: '0'. >> >>> 2017/03/01 08:36:40 ossec-remoted: Remote syslog allowed from: >> >>> '0.0.0.0/0' >> >>> 2017/03/01 08:36:40 ossec-remoted: Remote syslog allowed from: >> >>> '0.0.0.0/0' >> >>> 2017/03/01 08:36:40 ossec-remoted(1206): ERROR: Unable to Bind port >> >>> '1514' >> >>> >> >>> Program exited with code 01. >> >>> Missing separate debuginfos, use: debuginfo-install >> >>> glibc-2.12-1.192.el6.x86_64 keyutils-libs-1.4-5.el6.x86_64 >> >>> krb5-libs-1.10.3-57.el6.x86_64 libcom_err-1.41.12-22.el6.x86_64 >> >>> libselinux-2.0.94-7.el6.x86_64 openssl-1.0.1e-48.el6_8.4.x86_64 >> >>> zlib-1.2.3-29.el6.x86_64 >> >>> (gdb) Q >> >>> >> >>> Can you help me? >> >>> >> >>> -- >> >>> >> >>> --- >> >>> You received this message because you are subscribed to the Google >> >>> Groups >> >>> "ossec-list" group. >> >>> To unsubscribe from this group and stop receiving emails from it, send >> >>> an >> >>> email to [email protected]. >> >>> For more options, visit https://groups.google.com/d/optout. >> >> >> >> >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> > Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an >> > email to [email protected]. >> > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
