On Fri, Jul 13, 2018 at 1:39 AM, Chinmay Pandya <[email protected]> wrote:
> Here are my logs after restarting ossec. I do not see any remoted error but
> still got stall entries
>
I don't see anything exciting. Anything in the system logs about a crash?
You could try running remoted in the foreground
(`/var/ossec/bin/ossec-remoted -df`) or in gdb to see if it's crashing.

> root@ossec-1000:/ossec-server# grep remoted logs/ossec.log
> 2018/07/13 05:30:37 ossec-remoted: INFO: Started (pid: 4785).
> 2018/07/13 05:30:37 ossec-remoted: Remote syslog allowed from: '127.0.0.1'
> 2018/07/13 05:30:37 ossec-remoted: Remote syslog allowed from: '10.0.0.0/8'
> 2018/07/13 05:30:37 ossec-remoted: Remote syslog allowed from: '192.168.0.0/16'
> 2018/07/13 05:30:37 ossec-remoted: Remote syslog allowed from: '172.16.0.0/12'
> root@ossec-1000:/ossec-server# bin/ossec-control restart
> Deleting PID file '/ossec-server/var/run/ossec-remoted-5389.pid' not used...
> Deleting PID file '/ossec-server/var/run/ossec-remoted-5615.pid' not used...
> Deleting PID file '/ossec-server/var/run/ossec-remoted-5625.pid' not used...
> Killing ossec-monitord ..
> Killing ossec-logcollector ..
> Killing ossec-remoted ..
> bin/ossec-control: 260: kill: No such process
>
> bin/ossec-control: 260: kill: No such process
>
> Killing ossec-syscheckd ..
> Killing ossec-analysisd ..
> ossec-maild not running ..
> ossec-execd not running ..
> Killing ossec-csyslogd ..
> OSSEC HIDS v2.9.3 Stopped
> Starting OSSEC HIDS v2.9.3 (by Trend Micro Inc.)...
> Started ossec-csyslogd...
> 2018/07/13 05:32:34 ossec-maild: INFO: E-Mail notification disabled. Clean Exit.
> Started ossec-maild...
> Started ossec-execd...
> Started ossec-analysisd...
> 2018/07/13 05:32:34 ossec-logcollector(1905): INFO: No file configured to monitor.
> Started ossec-logcollector...
> Started ossec-remoted...
> 2018/07/13 05:32:34 ossec-syscheckd(1702): INFO: No directory provided for syscheck to monitor.
> 2018/07/13 05:32:34 ossec-syscheckd: WARN: Syscheck disabled.
> 2018/07/13 05:32:34 rootcheck: Rootcheck disabled. Exiting.
> 2018/07/13 05:32:34 ossec-syscheckd: WARN: Rootcheck module disabled.
> Started ossec-syscheckd...
> Started ossec-monitord...
> Completed.
> root@ossec-1000:/ossec-server# grep remoted logs/ossec.log
> root@ossec-1000:/ossec-server# grep remoted logs/ossec.log
> 2018/07/13 05:30:37 ossec-remoted: INFO: Started (pid: 4785).
> 2018/07/13 05:30:37 ossec-remoted: Remote syslog allowed from: '127.0.0.1'
> 2018/07/13 05:30:37 ossec-remoted: Remote syslog allowed from: '10.0.0.0/8'
> 2018/07/13 05:30:37 ossec-remoted: Remote syslog allowed from: '192.168.0.0/16'
> 2018/07/13 05:30:37 ossec-remoted: Remote syslog allowed from: '172.16.0.0/12'
> 2018/07/13 05:32:34 ossec-remoted: INFO: Started (pid: 8866).
> 2018/07/13 05:32:34 ossec-remoted: Remote syslog allowed from: '127.0.0.1'
> 2018/07/13 05:32:34 ossec-remoted: Remote syslog allowed from: '10.0.0.0/8'
> 2018/07/13 05:32:34 ossec-remoted: Remote syslog allowed from: '192.168.0.0/16'
> 2018/07/13 05:32:34 ossec-remoted: Remote syslog allowed from: '172.16.0.0/12'
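
A check for the crash suspected in the reply above, as an added example that is not part of the original thread or of OSSEC's own scripts: it lists PID files in the run directory whose process no longer exists, the condition behind the "Deleting PID file ... not used" messages in the quoted output. The function name `stale_pidfiles` is hypothetical, and the script assumes it runs as root so that `kill -0` can probe every daemon.

```shell
#!/bin/sh
# Added example (not OSSEC code): find PID files left behind by daemons
# that are no longer running. The quoted output shows the naming scheme
# <run_dir>/<daemon>-<pid>.pid, e.g. var/run/ossec-remoted-5389.pid.

# stale_pidfiles RUN_DIR [DAEMON]
#   Prints one path per line for every PID file whose process is gone.
#   DAEMON defaults to all OSSEC daemons ("ossec-*").
#   Assumption: run as root; for an unprivileged user, kill -0 also fails
#   on live processes owned by someone else.
stale_pidfiles() {
    run_dir=$1
    daemon=${2:-ossec-*}

    # $daemon is left unquoted on purpose so the default pattern globs.
    for f in "$run_dir"/$daemon-*.pid; do
        [ -e "$f" ] || continue            # pattern matched nothing

        name=${f##*/}                      # ossec-remoted-5389.pid
        pid=${name%.pid}                   # ossec-remoted-5389
        pid=${pid##*-}                     # 5389

        # Skip anything whose trailing field is not a plain number.
        case "$pid" in
            ''|*[!0-9]*) continue ;;
        esac

        # kill -0 delivers no signal; it only reports whether the PID exists.
        kill -0 "$pid" 2>/dev/null || printf '%s\n' "$f"
    done
}

# Usage with the install path from the thread:
#   stale_pidfiles /ossec-server/var/run ossec-remoted
```

Running it a few minutes after a restart, with agents connected, shows whether `ossec-remoted` has exited again without removing its PID files.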
