subject:"\[ossec\-list\] Loop on opensuse"

Re: [ossec-list] Loop on opensuse

2020-01-17 Thread Burkhard Schultheis


Hi,

I installed it. In the meantime I solved the problem with help from 
Google: 
https://unix.stackexchange.com/questions/200280/systemd-kills-service-immediately-after-start


Thanks for your help!

Best regards from Germany
Burkhard

Am 17.01.2020 um 13:12 schrieb dan (ddp):

On Mon, Jan 13, 2020 at 9:04 AM Schultheis Burkhard
 wrote:

Some weeks ago I've installed Ossec on on three servers. One is running
CentOS 6.10, the others Opensuse 15.1. The CentOS installation behaves
as expected, but the opensuse installations behave very different,
although the configurations are as close as possible.

  From the CentOS server we get emails as expected, from the opensuse
servers not (other programs send us emails as expected from all
servers). The opensuse servers write tons of ossec logs, because it's in
a start-terminate loop. Excerpt:


How did you install OSSEC (package, source, etc)?
You could check the /var/log/audit/audit.log to see if it mentions
anything about it.
I have an OpenSuse VM where it worked fine, but I installed from
source. I haven't powered it up in a while though.


2020/01/13 13:45:25 ossec-testrule: INFO: Reading local decoder file.
2020/01/13 13:45:25 ossec-testrule: INFO: Started (pid: 28499).
2020/01/13 13:45:25 ossec-maild: INFO: Started (pid: 28516).
2020/01/13 13:45:25 ossec-execd: INFO: Started (pid: 28520).
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading local decoder file.
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'rules_config.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'pam_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'sshd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'telnetd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'syslog_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'arpwatch_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'symantec-av_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'symantec-ws_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'pix_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'named_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'smbd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'vsftpd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'pure-ftpd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'proftpd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'ms_ftpd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'ftpd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'hordeimp_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'roundcube_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'wordpress_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'cimserver_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'vpopmail_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'vmpop3d_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'courier_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'web_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'web_appsec_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'apache_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'nginx_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'php_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'mysql_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'postgresql_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'ids_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'squid_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'firewall_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'apparmor_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'cisco-ios_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'netscreenfw_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'sonicwall_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'postfix_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'sendmail_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'imapd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'mailscanner_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'dovecot_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
'ms-exchange_rules.xml

Re: [ossec-list] Loop on opensuse

2020-01-17 Thread dan (ddp)

On Mon, Jan 13, 2020 at 9:04 AM Schultheis Burkhard
 wrote:
>
> Some weeks ago I've installed Ossec on on three servers. One is running
> CentOS 6.10, the others Opensuse 15.1. The CentOS installation behaves
> as expected, but the opensuse installations behave very different,
> although the configurations are as close as possible.
>
>  From the CentOS server we get emails as expected, from the opensuse
> servers not (other programs send us emails as expected from all
> servers). The opensuse servers write tons of ossec logs, because it's in
> a start-terminate loop. Excerpt:
>

How did you install OSSEC (package, source, etc)?
You could check the /var/log/audit/audit.log to see if it mentions
anything about it.
I have an OpenSuse VM where it worked fine, but I installed from
source. I haven't powered it up in a while though.

> 2020/01/13 13:45:25 ossec-testrule: INFO: Reading local decoder file.
> 2020/01/13 13:45:25 ossec-testrule: INFO: Started (pid: 28499).
> 2020/01/13 13:45:25 ossec-maild: INFO: Started (pid: 28516).
> 2020/01/13 13:45:25 ossec-execd: INFO: Started (pid: 28520).
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading local decoder file.
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'rules_config.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'pam_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'sshd_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'telnetd_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'syslog_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'arpwatch_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'symantec-av_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'symantec-ws_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'pix_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'named_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'smbd_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'vsftpd_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'pure-ftpd_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'proftpd_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'ms_ftpd_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'ftpd_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'hordeimp_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'roundcube_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'wordpress_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'cimserver_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'vpopmail_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'vmpop3d_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'courier_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'web_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'web_appsec_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'apache_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'nginx_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'php_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'mysql_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'postgresql_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'ids_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'squid_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'firewall_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'apparmor_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'cisco-ios_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'netscreenfw_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'sonicwall_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'postfix_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'sendmail_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'imapd_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'mailscanner_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'dovecot_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'ms-exchange_rules.xml'
> 2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file:
> 'racoon_rules.

[ossec-list] Loop on opensuse

2020-01-13 Thread Schultheis Burkhard

Some weeks ago I've installed Ossec on on three servers. One is running 
CentOS 6.10, the others Opensuse 15.1. The CentOS installation behaves 
as expected, but the opensuse installations behave very different, 
although the configurations are as close as possible.


From the CentOS server we get emails as expected, from the opensuse 
servers not (other programs send us emails as expected from all 
servers). The opensuse servers write tons of ossec logs, because it's in 
a start-terminate loop. Excerpt:


2020/01/13 13:45:25 ossec-testrule: INFO: Reading local decoder file.
2020/01/13 13:45:25 ossec-testrule: INFO: Started (pid: 28499).
2020/01/13 13:45:25 ossec-maild: INFO: Started (pid: 28516).
2020/01/13 13:45:25 ossec-execd: INFO: Started (pid: 28520).
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading local decoder file.
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'rules_config.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'pam_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'sshd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'telnetd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'syslog_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'arpwatch_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'symantec-av_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'symantec-ws_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'pix_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'named_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'smbd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'vsftpd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'pure-ftpd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'proftpd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'ms_ftpd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'ftpd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'hordeimp_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'roundcube_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'wordpress_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'cimserver_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'vpopmail_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'vmpop3d_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'courier_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'web_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'web_appsec_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'apache_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'nginx_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'php_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'mysql_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'postgresql_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'ids_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'squid_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'firewall_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'apparmor_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'cisco-ios_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'netscreenfw_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'sonicwall_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'postfix_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'sendmail_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'imapd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'mailscanner_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'dovecot_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'ms-exchange_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'racoon_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'vpn_concentrator_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'spamd_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'msauth_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'mcafee_av_rules.xml'
2020/01/13 13:45:25 ossec-analysisd: INFO: Reading rules file: 
'trend-osce_rules.xml'
2020/01/13 13:45:25 ossec-analysi

Re: [ossec-list] Loop on opensuse

Re: [ossec-list] Loop on opensuse

[ossec-list] Loop on opensuse

3 matches

Site Navigation

Mail list logo

Footer information