ossec-remoted will not stay running

[aiborin]

I am running an OSSEC server in each of my two data centers.  In one data center, the server will stop the ossec-remoted service multiple times a week.  There is nothing in /var/ossec/logs/ossec.log to indicate why.  I get the following output when running /var/ossec/bin/ossec-control status:

ossec-remoted: Process XXXXX not used by ossec, removing ..
ossec-remoted not running…


This situation, of course, results in loss of communication with all agents. 

I can mitigate the impact by running a cron job that restarts ossec-remoted but this only masks the underlying problem.  I have searched Google but have not found a way in which to isolate the source of this problem and am hoping someone monitoring the list can provide a possible solution.

Regards,

[dan (ddp)]

What version of ossec?

What's your remote config?

Try running itin debug/foreground to see if it provides more info `/var/ossec/bin/ossec-remoted -df`

Regards,

--

---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[aiborin]

I am running v2.8.3-53.

Please explain what you mean by "what is my remote config?"
- I checked ossec.conf and only see a setting related to running remote connections secure (default port 1514).

Will run in debug overnight to see what it produces.

Regards,

To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com.

[dan (ddp)]

On Tue, Feb 14, 2017 at 6:24 PM, aiborin <abo...@transunion.com> wrote:
> I am running v2.8.3-53.
>
> Please explain what you mean by "what is my remote config?"
> - I checked ossec.conf and only see a setting related to running remote
> connections secure (default port 1514).
>

So, this?
<remote>
<connection>secure</connection>
</remote>