Hi all,
My Wazuh-remoted service keeps restarting every 10 to 20 minutes, resulting in PID changes and hence generating tons of alerts. Can anyone advise why this is happening?
Received From: wazuh-server->netstat listening ports
Rule: 533 fired (level 7) -> "Listened ports status (netstat) changed (new port opened or closed)."
Portion of the log(s):
ossec: output: 'netstat listening ports':
tcp 0.0.0.0:22 0.0.0.0:* 2078/sshd
tcp6 :::22 :::* 2078/sshd
tcp 127.0.0.1:25 0.0.0.0:* 2282/master
tcp6 ::1:25 :::* 2282/master
tcp 0.0.0.0:111 0.0.0.0:* 1001/rpcbind
tcp6 :::111 :::* 1001/rpcbind
udp 0.0.0.0:111 0.0.0.0:* 1001/rpcbind
udp6 :::111 :::* 1001/rpcbind
udp 127.0.0.1:323 0.0.0.0:* 870/chronyd
udp6 ::1:323 :::* 870/chronyd
tcp 0.0.0.0:443 0.0.0.0:* 7769/node
tcp 192.168.10.41:XXX 0.0.0.0:* 7847/wazuh-remoted
udp 192.168.10.41:XXX 0.0.0.0:* 7848/wazuh-remoted
udp 0.0.0.0:730 0.0.0.0:* 1001/rpcbind
udp6 :::730 :::* 1001/rpcbind
tcp 0.0.0.0:1514 0.0.0.0:* 7846/wazuh-remoted
tcp 0.0.0.0:1515 0.0.0.0:* 7749/wazuh-authd
tcp6 127.0.0.1:9200 :::* 7807/java
tcp6 127.0.0.1:9300 :::* 7807/java
tcp 0.0.0.0:55000 0.0.0.0:* 7709/python3
Previous output:
ossec: output: 'netstat listening ports':
tcp 0.0.0.0:22 0.0.0.0:* 2078/sshd
tcp6 :::22 :::* 2078/sshd
tcp 127.0.0.1:25 0.0.0.0:* 2282/master
tcp6 ::1:25 :::* 2282/master
tcp 0.0.0.0:111 0.0.0.0:* 1001/rpcbind
tcp6 :::111 :::* 1001/rpcbind
udp 0.0.0.0:111 0.0.0.0:* 1001/rpcbind
udp6 :::111 :::* 1001/rpcbind
udp 127.0.0.1:323 0.0.0.0:* 870/chronyd
udp6 ::1:323 :::* 870/chronyd
tcp 0.0.0.0:443 0.0.0.0:* 7769/node
tcp 192.168.10.XXX:514 0.0.0.0:* 6196/wazuh-remoted
udp 192.168.10.XXX:514 0.0.0.0:* 6197/wazuh-remoted
udp 0.0.0.0:730 0.0.0.0:* 1001/rpcbind
udp6 :::730 :::* 1001/rpcbind
tcp 0.0.0.0:1514 0.0.0.0:* 7846/wazuh-remoted
tcp 0.0.0.0:1515 0.0.0.0:* 7749/wazuh-authd
tcp6 127.0.0.1:9200 :::* 7807/java
tcp6 127.0.0.1:9300 :::* 7807/java
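
An added example, not part of the original issue or of Wazuh's own code: a small Python triage helper that compares two 'netstat listening ports' outputs in the format shown in the alert above and separates listeners whose owning PID changed (a process restart) from listeners that were actually opened or closed. The sample lines are constructed in the alert's format, `192.0.2.10` is a placeholder address, and the function names are hypothetical.

```python
"""Triage helper for rule 533 alerts (added example; names are hypothetical)."""

def parse(output):
    """Map (proto, local_addr) -> (pid, program) for each listener line."""
    listeners = {}
    for line in output.strip().splitlines():
        fields = line.split()
        # Expected shape: proto local foreign pid/program; skip anything else.
        if len(fields) != 4 or "/" not in fields[3]:
            continue
        proto, local, _foreign, owner = fields
        pid, _, program = owner.partition("/")
        # Assumption: one owner per (proto, local) pair; a later line overwrites.
        listeners[(proto, local)] = (pid, program)
    return listeners

def classify(previous, current):
    """Split the difference between two outputs into four buckets."""
    prev, cur = parse(previous), parse(current)
    report = {"opened": sorted(cur.keys() - prev.keys()),
              "closed": sorted(prev.keys() - cur.keys()),
              "restarted": [], "owner_changed": []}
    for key in sorted(cur.keys() & prev.keys()):
        (old_pid, old_prog), (new_pid, new_prog) = prev[key], cur[key]
        if old_prog != new_prog:
            # Same socket, different program: worth a closer look.
            report["owner_changed"].append(key)
        elif old_pid != new_pid:
            # Same socket, same program, new PID: the process restarted.
            report["restarted"].append(key + (new_prog, old_pid, new_pid))
    return report

# Constructed sample input in the alert's format (not real host data).
PREVIOUS = """
tcp 0.0.0.0:22 0.0.0.0:* 2078/sshd
tcp 192.0.2.10:514 0.0.0.0:* 6196/wazuh-remoted
udp 192.0.2.10:514 0.0.0.0:* 6197/wazuh-remoted
tcp 0.0.0.0:1514 0.0.0.0:* 7846/wazuh-remoted
"""
CURRENT = """
tcp 0.0.0.0:22 0.0.0.0:* 2078/sshd
tcp 192.0.2.10:514 0.0.0.0:* 7847/wazuh-remoted
udp 192.0.2.10:514 0.0.0.0:* 7848/wazuh-remoted
tcp 0.0.0.0:1514 0.0.0.0:* 7846/wazuh-remoted
tcp 0.0.0.0:55000 0.0.0.0:* 7709/python3
"""

if __name__ == "__main__":
    for bucket, items in classify(PREVIOUS, CURRENT).items():
        print(bucket, items)
```

Entries under `restarted` point at a service restart to investigate in that daemon's own log, while `opened`, `closed` and `owner_changed` are the changes the rule is meant to surface.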