HPE Community
Operating System - HP-UX
1833784 Members
2560 Online
110063 Solutions
New Discussion

HIDS/9000 A.02.02 idsagent does not start anymore

 
SOLVED
Go to solution
Gratien D'haese_2
Advisor

‎10-24-2004 11:39 PM

‎10-24-2004 11:39 PM

HIDS/9000 A.02.02 idsagent does not start anymore

$ /sbin/init.d/idsagent start
logout
idsagent daemon started
Mon Oct 25 13:25:10 2004: libcomm: pid=7017 thread_id=1: comm_init: error binding
to 10.0.0.1, port 2985: errno=226, Address already in use
idsagent: idsagent initialization failed. See /var/opt/ids/error.log for details.
Exiting

in error.log file:
Mon Oct 25 13:10:26 2004: rcm_init: Could not initialize communication library: errno=
226:Address already in use.
Mon Oct 25 13:21:55 2004: rcm_init: Could not initialize communication library:
errno=226:Address already in use.

$ ps -ef|grep ids
ids 2893 1 0 11:47:42 ? 1:31 idssysdsp -c 407 -o /var/opt/ids
//ids_1000 -s 408 -q 65535 -

ids 2895 1 0 11:47:42 ? 0:28 idskerndsp -c 409 -o /var/opt/id
s//ids_1000 -s 410 -q 65535

ids 2892 1 5 11:47:42 ? 4:12 idscor -i /var/opt/ids//ids_1000
-o 404 -c 405 -s 406 -q 655

$ ls /var/opt/ids
alert.log error.log ids_1000 schedule
dsfs gui lib tmp

$ netstat -a | grep hpidsa
tcp 0 0 ids_client.54522 ids_admin.hpidsadmin ESTABLISHED

tcp 0 0 ids_client.hpidsagent *.* LISTEN

tcp 0 0 ids_client.hpidsagent ids_admin.64092 ESTABLISHED

Why is the hpidsagent port still listening? The idsagent daemon is stopped.
It must be used by one of the other daemons?

What must I do to start the idsagent again?
0 Kudos
4 REPLIES 4
Steven E. Protter
Exalted Contributor

‎10-25-2004 12:46 AM

‎10-25-2004 12:46 AM

Re: HIDS/9000 A.02.02 idsagent does not start anymore

It would appear that either the network address and/or port is in use.

Can you ping 10.0.0.1, and is it resolving to your hostname.

netstat -rn or -an and see if something else is using the port.

Have you restarted the system lately?

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Rainer von Bongartz
Honored Contributor

‎10-25-2004 01:03 AM

‎10-25-2004 01:03 AM

Solution

Re: HIDS/9000 A.02.02 idsagent does not start anymore

do

ps -ef | grep ids

and look for any run-away IDS process

idscor -i /var/opt/ids//ids_1004 -o 3853 -c 3854 -s 3855 -q
idskerndsp -c 3858 -o /var/opt/ids//ids_1004 -s 3859 -q 1638
./idsagent -a
dssysdsp -c 3856 -o /var/opt/ids//ids_1004 -s 3857 -q 16384

Regards
Rainer
He's a real UNIX Man, sitting in his UNIX LAN making all his UNIX plans for nobody ...
0 Kudos
Gratien D'haese_2
Advisor

‎10-25-2004 01:28 AM

‎10-25-2004 01:28 AM

Re: HIDS/9000 A.02.02 idsagent does not start anymore

Indeed when I killed manually the 3 other daemons (idscor, idssysdsp and idskerndsp) and then restarted the idsagent it worked again.
And, before I restarted the idsagent I removed the /var/opt/ids/ids_1000 file, and it was magically recreated by the idsagent.

Furthermore, I noticed when you stop the idsgent via idsgui the idsagent process keeps on running, but the 3 other daemons disappear.

Conclusion: problem occured by killing the idsagent manually without following the proper procedure.

Thanks for the replies - now I understand the flow.
0 Kudos
Gratien D'haese_2
Advisor

‎10-25-2004 01:31 AM

‎10-25-2004 01:31 AM

Re: HIDS/9000 A.02.02 idsagent does not start anymore

Do not execute a "kill -KILL pid_of_idsagent"

Use "kill -TERM pid_of_idsagent" instead.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.