My Wazuh-remoted service keeps restarting every 10 to 20 minutes, resulting in PID changes and hence generating tons of alerts. Can anyone advise why this is happening?
Hi all,
My Wazuh-remoted service keeps restarting every 10 to 20 minutes, resulting in PID changes and hence generating tons of alerts. Can anyone advise why this is happening?
Received From: wazuh-server->netstat listening ports
Rule: 533 fired (level 7) -> "Listened ports status (netstat) changed (new port opened or closed)."
Portion of the log(s):
ossec: output: 'netstat listening ports':
tcp 0.0.0.0:22 0.0.0.0:* 2078/sshd
tcp6 :::22 :::* 2078/sshd
tcp 127.0.0.1:25 0.0.0.0:* 2282/master
tcp6 ::1:25 :::* 2282/master
tcp 0.0.0.0:111 0.0.0.0:* 1001/rpcbind
tcp6 :::111 :::* 1001/rpcbind
udp 0.0.0.0:111 0.0.0.0:* 1001/rpcbind
udp6 :::111 :::* 1001/rpcbind
udp 127.0.0.1:323 0.0.0.0:* 870/chronyd
udp6 ::1:323 :::* 870/chronyd
tcp 0.0.0.0:443 0.0.0.0:* 7769/node
tcp 192.168.10.41:XXX 0.0.0.0:* 7847/wazuh-remoted
udp 192.168.10.41:XXX 0.0.0.0:* 7848/wazuh-remoted
udp 0.0.0.0:730 0.0.0.0:* 1001/rpcbind
udp6 :::730 :::* 1001/rpcbind
tcp 0.0.0.0:1514 0.0.0.0:* 7846/wazuh-remoted
tcp 0.0.0.0:1515 0.0.0.0:* 7749/wazuh-authd
tcp6 127.0.0.1:9200 :::* 7807/java
tcp6 127.0.0.1:9300 :::* 7807/java
tcp 0.0.0.0:55000 0.0.0.0:* 7709/python3
Previous output:
ossec: output: 'netstat listening ports':
tcp 0.0.0.0:22 0.0.0.0:* 2078/sshd
tcp6 :::22 :::* 2078/sshd
tcp 127.0.0.1:25 0.0.0.0:* 2282/master
tcp6 ::1:25 :::* 2282/master
tcp 0.0.0.0:111 0.0.0.0:* 1001/rpcbind
tcp6 :::111 :::* 1001/rpcbind
udp 0.0.0.0:111 0.0.0.0:* 1001/rpcbind
udp6 :::111 :::* 1001/rpcbind
udp 127.0.0.1:323 0.0.0.0:* 870/chronyd
udp6 ::1:323 :::* 870/chronyd
tcp 0.0.0.0:443 0.0.0.0:* 7769/node
tcp 192.168.10.XXX:514 0.0.0.0:* 6196/wazuh-remoted
udp 192.168.10.XXX:514 0.0.0.0:* 6197/wazuh-remoted
udp 0.0.0.0:730 0.0.0.0:* 1001/rpcbind
udp6 :::730 :::* 1001/rpcbind
tcp 0.0.0.0:1514 0.0.0.0:* 7846/wazuh-remoted
tcp 0.0.0.0:1515 0.0.0.0:* 7749/wazuh-authd
tcp6 127.0.0.1:9200 :::* 7807/java
tcp6 127.0.0.1:9300 :::* 7807/java