"os_dbd/main.c" line 257 should write the .pid file 257 if(CreatePID(ARGV0, getpid()) < 0)
The daemon should write a log of the following format in ossec.log when starting: "%s: INFO: Started (pid: %d). If there was an error connecting to DB, the ossec-dbd will not function properly. On Sunday, June 30, 2013 4:09:07 AM UTC-7, Christian Beer wrote: > > Hi All, > > I installed the beta 1 of 2.7.1 on a new server and noticed that > ossec-dbd is not shut down from ossec-control stop or restart. > > I compiled with mysql database support. Enabled the database > (ossec-control enable database) and restarted ossec. I than had to make > another change in the source, recompiled und updated again. At the end > of install.sh I got the error: > > make[1]: Leaving directory `/root/ossec-hids-2.7.1-beta-1/src/os_auth' > Killing ossec-monitord .. > Killing ossec-logcollector .. > Killing ossec-syscheckd .. > Killing ossec-analysisd .. > Killing ossec-maild .. > Killing ossec-execd .. > ossec-dbd not running .. > OSSEC HIDS v2.7.1-beta-1 Stopped > cp: reguläre Datei „/var/ossec/bin/ossec-dbd“ kann nicht angelegt > werden: Das Programm kann nicht ausgeführt oder verändert werden (busy) > Starting OSSEC HIDS v2.7.1-beta-1 (by Trend Micro Inc.)... > Started ossec-dbd... > Started ossec-maild... > 2013/06/30 12:18:29 ossec-execd: INFO: Adding offenders timeout: 60 (for > #1) > 2013/06/30 12:18:29 ossec-execd: INFO: Adding offenders timeout: 120 > (for #2) > 2013/06/30 12:18:29 ossec-execd: INFO: Adding offenders timeout: 1440 > (for #3) > Started ossec-execd... > Started ossec-analysisd... > Started ossec-logcollector... > Started ossec-syscheckd... > Started ossec-monitord... > Completed. > > I than checked and found three ossec_dbd processes running. That's why > the cp was not possible. > I stopped ossec and killed the remaining ossec-dbd processes. I then > cleaned my /var/ossec/bin/.process_list file to only contain > DB_DAEMON=ossec-dbd and started ossec again. Here is what it says: > > root@server:~/ossec-hids-2.7.1-beta-1# l /var/ossec/var/run/ > insgesamt 0 > root@server:~/ossec-hids-2.7.1-beta-1# /var/ossec/bin/ossec-control start > Starting OSSEC HIDS v2.7.1-beta-1 (by Trend Micro Inc.)... > Started ossec-dbd... > Started ossec-maild... > 2013/06/30 12:37:25 ossec-execd: INFO: Adding offenders timeout: 60 (for > #1) > 2013/06/30 12:37:25 ossec-execd: INFO: Adding offenders timeout: 120 > (for #2) > 2013/06/30 12:37:25 ossec-execd: INFO: Adding offenders timeout: 1440 > (for #3) > Started ossec-execd... > Started ossec-analysisd... > Started ossec-logcollector... > Started ossec-syscheckd... > Started ossec-monitord... > Completed. > root@server:~/ossec-hids-2.7.1-beta-1# l /var/ossec/var/run/ > insgesamt 24 > -rw-r----- 1 ossec ossec 6 Jun 30 12:37 ossec-analysisd-20823.pid > -rw-r----- 1 root ossec 6 Jun 30 12:37 ossec-execd-20819.pid > -rw-r----- 1 root root 6 Jun 30 12:37 ossec-logcollector-20827.pid > -rw-r----- 1 ossecm ossec 6 Jun 30 12:37 ossec-maild-20814.pid > -rw-r----- 1 ossec ossec 6 Jun 30 12:37 ossec-monitord-20834.pid > -rw-r----- 1 root root 6 Jun 30 12:37 ossec-syscheckd-20831.pid > > root@server:~/ossec-hids-2.7.1-beta-1# ps aux | grep ossec > root 20810 0.0 0.3 44700 1680 ? S 12:37 0:00 /var/ossec/bin/ossec-dbd > ossecm 20814 0.0 0.1 12644 604 ? S 12:37 0:00 /var/ossec/bin/ossec-maild > root 20819 0.0 0.0 12512 504 ? S 12:37 0:00 /var/ossec/bin/ossec-execd > ossec 20823 0.1 0.4 14356 2428 ? S 12:37 0:00 > /var/ossec/bin/ossec-analysisd > root 20827 0.0 0.1 4284 580 ? S 12:37 0:00 > /var/ossec/bin/ossec-logcollector > root 20831 1.8 0.1 4556 724 ? S 12:37 0:02 /var/ossec/bin/ossec-syscheckd > ossec 20834 0.0 0.1 12772 592 ? S 12:37 0:00 /var/ossec/bin/ossec-monitord > root 20906 0.0 0.1 11724 916 pts/0 S+ 12:40 0:00 grep ossec > > ossec.log does not contain any further insight, only some of these (that > I fix soon) > ossec-dbd(5202): ERROR: Error connecting to database > '127.0.0.1'(ossecdb): ERROR: Access denied for user 'ossec'@'localhost' > to database 'ossecdb'. > > To me it seems that ossec-dbd forgets to place a pid file in var/run/. I > did a quick search in the source code but couldn't find the right spot. > I'm on Debian 7 64bit. > > Regards > Christian > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.