On Wed, Jul 4, 2018 at 3:29 AM, Chinmay Pandya <[email protected]> wrote: > I have dockerised ossec server. > > I have built my docker and not using ossec docker. > > Now I need to restart my ossec every day. > > When I do, I have to wait a lot of time for ossec-remoted PID files to be > deleted. > > I see something like this > > Deleting PID file '/ossec-server/var/run/ossec-remoted-954.pid' not used... > Deleting PID file '/ossec-server/var/run/ossec-remoted-966.pid' not used... > Deleting PID file '/ossec-server/var/run/ossec-remoted-975.pid' not used... > Deleting PID file '/ossec-server/var/run/ossec-remoted-980.pid' not used... > Deleting PID file '/ossec-server/var/run/ossec-remoted-984.pid' not used... > Deleting PID file '/ossec-server/var/run/ossec-remoted-996.pid' not used... > Killing ossec-monitord .. > Killing ossec-logcollector .. > Killing ossec-remoted .. > Killing ossec-syscheckd .. > Killing ossec-analysisd .. > ossec-maild not running .. > ossec-execd not running .. > Killing ossec-csyslogd .. > OSSEC HIDS v2.9.3 Stopped > Starting OSSEC HIDS v2.9.3 (by Trend Micro Inc.)... > > > This is just a small list but I am seeing 12K to 20K PID files being deleted > everytime which take ups a lot of time and my service is down for those > minutes. > > Is there something I can improve or am I doing something wrong? >
Is remoted crashing? You shouldn't have so many pid files (unless it's crashing and being restarted automatically I think). > _____________________________________________________________ > The information contained in this communication is intended solely for the > use of the individual or entity to whom it is addressed and others > authorized to receive it. It may contain confidential or legally privileged > information. If you are not the intended recipient you are hereby notified > that any disclosure, copying, distribution or taking any action in reliance > on the contents of this information is strictly prohibited and may be > unlawful. If you have received this communication in error, please notify us > immediately by responding to this email and then delete it from your system. > The firm is neither liable for the proper and complete transmission of the > information contained in this communication nor for any delay in its > receipt. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
