Wazuh Remoted Service PID Constant Changes #2594

Open
BPJOHN1990 opened this issue Nov 12, 2023 · 0 comments

Hi all,

My Wazuh-remoted service keeps restarting every 10 to 20 minutes, resulting in PID changes and hence generating tons of alerts. Can anyone advise why this is happening?

Received From: wazuh-server->netstat listening ports
Rule: 533 fired (level 7) -> "Listened ports status (netstat) changed (new port opened or closed)."
Portion of the log(s):
ossec: output: 'netstat listening ports':
tcp 0.0.0.0:22 0.0.0.0:* 2078/sshd
tcp6 :::22 :::* 2078/sshd
tcp 127.0.0.1:25 0.0.0.0:* 2282/master
tcp6 ::1:25 :::* 2282/master
tcp 0.0.0.0:111 0.0.0.0:* 1001/rpcbind
tcp6 :::111 :::* 1001/rpcbind
udp 0.0.0.0:111 0.0.0.0:* 1001/rpcbind
udp6 :::111 :::* 1001/rpcbind
udp 127.0.0.1:323 0.0.0.0:* 870/chronyd
udp6 ::1:323 :::* 870/chronyd
tcp 0.0.0.0:443 0.0.0.0:* 7769/node
tcp 192.168.10.41:XXX 0.0.0.0:* 7847/wazuh-remoted
udp 192.168.10.41:XXX 0.0.0.0:* 7848/wazuh-remoted
udp 0.0.0.0:730 0.0.0.0:* 1001/rpcbind
udp6 :::730 :::* 1001/rpcbind
tcp 0.0.0.0:1514 0.0.0.0:* 7846/wazuh-remoted
tcp 0.0.0.0:1515 0.0.0.0:* 7749/wazuh-authd
tcp6 127.0.0.1:9200 :::* 7807/java
tcp6 127.0.0.1:9300 :::* 7807/java
tcp 0.0.0.0:55000 0.0.0.0:* 7709/python3

Previous output:
ossec: output: 'netstat listening ports':
tcp 0.0.0.0:22 0.0.0.0:* 2078/sshd
tcp6 :::22 :::* 2078/sshd
tcp 127.0.0.1:25 0.0.0.0:* 2282/master
tcp6 ::1:25 :::* 2282/master
tcp 0.0.0.0:111 0.0.0.0:* 1001/rpcbind
tcp6 :::111 :::* 1001/rpcbind
udp 0.0.0.0:111 0.0.0.0:* 1001/rpcbind
udp6 :::111 :::* 1001/rpcbind
udp 127.0.0.1:323 0.0.0.0:* 870/chronyd
udp6 ::1:323 :::* 870/chronyd
tcp 0.0.0.0:443 0.0.0.0:* 7769/node
tcp 192.168.10.XXX:514 0.0.0.0:* 6196/wazuh-remoted
udp 192.168.10.XXX:514 0.0.0.0:* 6197/wazuh-remoted
udp 0.0.0.0:730 0.0.0.0:* 1001/rpcbind
udp6 :::730 :::* 1001/rpcbind
tcp 0.0.0.0:1514 0.0.0.0:* 7846/wazuh-remoted
tcp 0.0.0.0:1515 0.0.0.0:* 7749/wazuh-authd
tcp6 127.0.0.1:9200 :::* 7807/java
tcp6 127.0.0.1:9300 :::* 7807/java
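
One way to triage an alert like the one in the post above, as an added example that is not part of the original issue and is not Wazuh's own code: it compares two listening-port snapshots and separates sockets whose owning PID changed from listeners that opened or closed. The snapshots are constructed from lines in the post, with 192.0.2.10 as a placeholder for the redacted address, and the function names are hypothetical.

```python
# Added example: constructed snapshots modelled on the rule 533 alert above.
# 192.0.2.10 is a placeholder address standing in for the redacted socket.
PREVIOUS = """\
tcp 0.0.0.0:22 0.0.0.0:* 2078/sshd
tcp 192.0.2.10:514 0.0.0.0:* 6196/wazuh-remoted
udp 192.0.2.10:514 0.0.0.0:* 6197/wazuh-remoted
tcp 0.0.0.0:1514 0.0.0.0:* 7846/wazuh-remoted
"""
CURRENT = """\
tcp 0.0.0.0:22 0.0.0.0:* 2078/sshd
tcp 192.0.2.10:514 0.0.0.0:* 7847/wazuh-remoted
udp 192.0.2.10:514 0.0.0.0:* 7848/wazuh-remoted
tcp 0.0.0.0:1514 0.0.0.0:* 7846/wazuh-remoted
tcp 0.0.0.0:55000 0.0.0.0:* 7709/python3
"""

def parse(snapshot):
    """Map (proto, local address) -> (pid, program) for each listener line."""
    sockets = {}
    for line in snapshot.splitlines():
        fields = line.split()
        if len(fields) != 4 or "/" not in fields[3]:
            continue  # skip headers such as "ossec: output: ..." and blanks
        proto, local, _remote, owner = fields
        pid, _, program = owner.partition("/")
        sockets[(proto, local)] = (pid, program)
    return sockets

def classify(previous, current):
    """Split the difference into opened, closed and PID-only changes."""
    old, new = parse(previous), parse(current)
    result = {"opened": [], "closed": [], "pid_only": []}
    for key in sorted(new.keys() - old.keys()):
        result["opened"].append((*key, new[key][1]))
    for key in sorted(old.keys() - new.keys()):
        result["closed"].append((*key, old[key][1]))
    for key in sorted(old.keys() & new.keys()):
        (old_pid, old_prog), (new_pid, new_prog) = old[key], new[key]
        if old_prog == new_prog and old_pid != new_pid:
            result["pid_only"].append((*key, new_prog, old_pid, new_pid))
        elif old_prog != new_prog:
            # Same socket, different program: treat as a close plus an open.
            result["closed"].append((*key, old_prog))
            result["opened"].append((*key, new_prog))
    return result

if __name__ == "__main__":
    for kind, entries in classify(PREVIOUS, CURRENT).items():
        for entry in entries:
            print(kind, *entry)
```

On these snapshots the 514 listeners are reported as PID-only changes, the 1514 listener is unchanged, and the 55000 listener is reported as newly opened.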
