[psad-discuss] psad(psadwatchd): restarting psad on localhost

Mon, 03 Feb 2014 14:26:29 -0800 

Hi,
     I'm trying to get psad working on RHEL6.5.

I am using the generic psad.conf file with IPV6 disabled.  I have rsyslog 
configured and running.

(a rebuilt src.rpm from Fedora 20)

My version is:
[+] psad v2.2.1 by Michael Rash <m...@cipherdyne.org>

When I service psad start I will see the following message in /var/log/messages 
every 5 seconds (as defined in the conf file)

psad(psadwatchd): restarting psad on localhost

If I look at the processes, I see:
root     401767      1  0 17:15 ?        00:00:00 /usr/bin/perl -w 
/usr/sbin/psad
root     401772      1  0 17:15 ?        00:00:00 /usr/sbin/psadwatchd -c 
/etc/psad/psad.conf
root     401779 401772  0 17:15 ?        00:00:00 /usr/sbin/psadwatchd -c 
/etc/psad/psad.conf
root     402083 401779  0 17:15 ?        00:00:00 /usr/sbin/psadwatchd -c 
/etc/psad/psad.conf
root     402127 351908  0 17:15 pts/0    00:00:00 grep psad

and it will keep spawning more psadwatcheds.

psad does seem to work but psadwatchd just keeps growing and logging in 
/var/log/messages.


I see the the pid runfiles get updated:
-rw-------.  1 root root    1 Feb  3 17:15 psad.cmd
-rw-------.  1 root root    7 Feb  3 17:15 psad.pid
-rw-------.  1 root root    7 Feb  3 17:15 psadwatchd.pid

If I run psad in debug mode, it looks like psadwatchd never starts and doesn't 
keep spawning more processes.

Now the weird part.  I have rebooted before and psad has worked fine.  Could 
this be a race condition in my syslog that psadwatchd is picking up?

I only have iptables rules on my OUTPUT chain since all I want to do is see who 
on the inside is doing what on this system.  This worked great for several days.


Any tips on how to debug would be greatly appreciated.

Thank you

Tim

------------------------------------------------------------------------------
Managing the Performance of Cloud-Based Applications
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.
http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
_______________________________________________
psad-discuss mailing list
psad-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/psad-discuss

Reply via email to