Re: [psad-discuss] psadwatchd not restarting psad
Brought to you by:
mbr
Menu
▾
▴
Re: [psad-discuss] psadwatchd not restarting psad
|
From: Michael R. <mb...@ci...> - 2009-01-04 20:43:57
|
On Jan 02, 2009, Albert E. Whale wrote: > I am seeing that the psadwatchd daemon is not able to restart the psad > daemon on one of my servers. What debugging info can I assist with? When psad starts up, it writes the pid out to the file /var/run/psad/psad.pid. Are there any psad processes running on your system? If you installed psad from sources, you could run "make debug" in the sources directory, stop psad, and then do: # ./psadwatchd Since it is compiled in debug mode, it should produce output like this as it starts psad and then checks to see if it is running: [+] check_unique_pid(): opening pid file /var/run/psad/psadwatchd.pid [+] executing exec_binary(/usr/sbin/psad) sending mail: -s "[*] psadwatchd: Restarting psad on minastirith" root@localhost < /dev/null > /dev/null 2>&1 [+] restarting /usr/sbin/psad [-] psad not running. Trying to restart (1 tries so far). [+] psad is running. [+] psad is running. [+] psad is running. [+] psad is running. -- Michael Rash http://www.cipherdyne.org/ Key fingerprint: E2EF 0C8A 5AA9 654C 4763 B50F 37AC E946 7F51 8271 > > -- > Albert E. Whale, CHS CISA CISSP > Sr. Security, Network and Systems Consultant > ------------------------------------------------------------------------ > ABS Computer Technology, Inc. <http://www.ABS-CompTech.com> - Email, > Internet and Security Consultants > > ------------------------------------------------------------------------------ > _______________________________________________ > psad-discuss mailing list > psa...@li... > https://lists.sourceforge.net/lists/listinfo/psad-discuss |
