Nothing in the OS logs either. Should I run ossec in debug mode, just in case, to see if debug shows some insight?

On Friday, July 13, 2018 at 4:32:56 PM UTC+5:30, dan (ddpbsd) wrote:
> On Fri, Jul 13, 2018 at 1:39 AM, Chinmay Pandya <chinmay...@inmobi.com> wrote:
> > Here are my logs after restarting ossec. I do not see any remoted error but
> > still got stall entries
>
> I don't see anything exciting. Anything in the system logs about a crash?
> You could try running remoted in the foreground
> (`/var/ossec/bin/ossec-remoted -df`)
> or in gdb to see if it's crashing.
>
> > root@ossec-1000:/ossec-server# grep remoted logs/ossec.log
> > 2018/07/13 05:30:37 ossec-remoted: INFO: Started (pid: 4785).
> > 2018/07/13 05:30:37 ossec-remoted: Remote syslog allowed from: '127.0.0.1'
> > 2018/07/13 05:30:37 ossec-remoted: Remote syslog allowed from: '10.0.0.0/8'
> > 2018/07/13 05:30:37 ossec-remoted: Remote syslog allowed from: '192.168.0.0/16'
> > 2018/07/13 05:30:37 ossec-remoted: Remote syslog allowed from: '172.16.0.0/12'
> > root@ossec-1000:/ossec-server# bin/ossec-control restart
> > Deleting PID file '/ossec-server/var/run/ossec-remoted-5389.pid' not used...
> > Deleting PID file '/ossec-server/var/run/ossec-remoted-5615.pid' not used...
> > Deleting PID file '/ossec-server/var/run/ossec-remoted-5625.pid' not used...
> > Killing ossec-monitord ..
> > Killing ossec-logcollector ..
> > Killing ossec-remoted ..
> > bin/ossec-control: 260: kill: No such process
> >
> > bin/ossec-control: 260: kill: No such process
> >
> > Killing ossec-syscheckd ..
> > Killing ossec-analysisd ..
> > ossec-maild not running ..
> > ossec-execd not running ..
> > Killing ossec-csyslogd ..
> > OSSEC HIDS v2.9.3 Stopped
> > Starting OSSEC HIDS v2.9.3 (by Trend Micro Inc.)...
> > Started ossec-csyslogd...
> > 2018/07/13 05:32:34 ossec-maild: INFO: E-Mail notification disabled. Clean Exit.
> > Started ossec-maild...
> > Started ossec-execd...
> > Started ossec-analysisd...
> > 2018/07/13 05:32:34 ossec-logcollector(1905): INFO: No file configured to monitor.
> > Started ossec-logcollector...
> > Started ossec-remoted...
> > 2018/07/13 05:32:34 ossec-syscheckd(1702): INFO: No directory provided for syscheck to monitor.
> > 2018/07/13 05:32:34 ossec-syscheckd: WARN: Syscheck disabled.
> > 2018/07/13 05:32:34 rootcheck: Rootcheck disabled. Exiting.
> > 2018/07/13 05:32:34 ossec-syscheckd: WARN: Rootcheck module disabled.
> > Started ossec-syscheckd...
> > Started ossec-monitord...
> > Completed.
> > root@ossec-1000:/ossec-server# grep remoted logs/ossec.log
> > root@ossec-1000:/ossec-server# grep remoted logs/ossec.log
> > 2018/07/13 05:30:37 ossec-remoted: INFO: Started (pid: 4785).
> > 2018/07/13 05:30:37 ossec-remoted: Remote syslog allowed from: '127.0.0.1'
> > 2018/07/13 05:30:37 ossec-remoted: Remote syslog allowed from: '10.0.0.0/8'
> > 2018/07/13 05:30:37 ossec-remoted: Remote syslog allowed from: '192.168.0.0/16'
> > 2018/07/13 05:30:37 ossec-remoted: Remote syslog allowed from: '172.16.0.0/12'
> > 2018/07/13 05:32:34 ossec-remoted: INFO: Started (pid: 8866).
> > 2018/07/13 05:32:34 ossec-remoted: Remote syslog allowed from: '127.0.0.1'
> > 2018/07/13 05:32:34 ossec-remoted: Remote syslog allowed from: '10.0.0.0/8'
> > 2018/07/13 05:32:34 ossec-remoted: Remote syslog allowed from: '192.168.0.0/16'
> > 2018/07/13 05:32:34 ossec-remoted: Remote syslog allowed from: '172.16.0.0/12'
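
Added example, not part of the original thread and not OSSEC's own code: a small parser that pulls the evidence of a daemon that was already gone at restart time out of an `ossec-control restart` transcript like the one quoted above. The function name `dead_daemons` is hypothetical, the sample lines are copied from the transcript in this thread, and attributing each `kill: No such process` error to the most recent `Killing ...` line is an assumption about output ordering.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the restart transcript quoted in this thread.
SAMPLE = """\
Deleting PID file '/ossec-server/var/run/ossec-remoted-5389.pid' not used...
Deleting PID file '/ossec-server/var/run/ossec-remoted-5615.pid' not used...
Deleting PID file '/ossec-server/var/run/ossec-remoted-5625.pid' not used...
Killing ossec-monitord ..
Killing ossec-logcollector ..
Killing ossec-remoted ..
bin/ossec-control: 260: kill: No such process
bin/ossec-control: 260: kill: No such process
Killing ossec-syscheckd ..
"""

# A PID file that ossec-control removed because no matching process was running.
STALE = re.compile(r"Deleting PID file '.*/(ossec-[a-z]+)-(\d+)\.pid' not used")
KILLING = re.compile(r"^Killing (ossec-[a-z]+) \.\.")
NO_PROC = re.compile(r"kill: No such process")

def dead_daemons(transcript):
    """Map daemon -> {'stale_pids': [...], 'kill_failures': n} for daemons
    that were not running when ossec-control tried to stop them."""
    report = defaultdict(lambda: {"stale_pids": [], "kill_failures": 0})
    current = None  # daemon named by the most recent "Killing ..." line
    for line in transcript.splitlines():
        line = line.strip()
        if m := STALE.search(line):
            report[m.group(1)]["stale_pids"].append(int(m.group(2)))
        elif m := KILLING.match(line):
            current = m.group(1)
        elif NO_PROC.search(line) and current:
            # Assumption: the error belongs to the daemon being stopped right now.
            report[current]["kill_failures"] += 1
    return dict(report)

if __name__ == "__main__":
    for name, info in dead_daemons(SAMPLE).items():
        print(name, info)
```

On the sample, only ossec-remoted is reported, with three stale PID files and two failed kills, which is the daemon to run in the foreground or under gdb as suggested in the quoted reply.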