Hi Daniel, Are you sure ossec did this? First, it doesn't run on kernel mode, so even if it crashed, it would not crash the whole system. It also doesn't use a lot of memory, so I can't see it being responsible for that...
Can you show us more information? If you are still getting alerts from that agent, it means that ossec didn't died on there, so something else caused that... Thanks, -- Daniel B. Cid dcid ( at ) ossec.net On 8/23/07, Paquet Daniel <[EMAIL PROTECTED]> wrote: > > Well my DHCP server got nerfed by oom-killer that seems to be invoked from > ossec. What's up with that? > > And I have a bunch of stack dump after the oom-killer invoked from ossec. > Here is the mail I got from ossec: > > OSSEC HIDS Notification. > 2007 Aug 23 01:12:00 > > Received From: (DHCP-MASTER) xxx.xxx.xxx.xxx ->/var/log/messages > Rule: 1002 fired (level 7) -> "Unknown problem somewhere in the system." > Portion of the log(s): > > Aug 23 01:11:58 d-132-204-220-8 kernel: [<c0404aa5>] error_code+0x39/0x40 > > > Then a bunch of > > OSSEC HIDS Notification. > 2007 Aug 23 01:12:00 > > Received From: (DHCP-MASTER) xxx.xxx.xxx.xxx->/var/log/messages > Rule: 1002 fired (level 7) -> "Unknown problem somewhere in the system." > Portion of the log(s): > > Aug 23 01:11:58 d-132-204-220-8 kernel: [<c0404aa5>] DWARF2 unwinder stuck > at error_code+0x39/0x40error_code+0x39/0x40 > > And my logs are more fun. Anyone know why he did this? Or can tell me what > can I seek to correct the issue. By chance I have 2 dhcp servers the other > one took the control when my master one died. > > -- > Daniel Paquet > Technicien Informatique > Service des RĂ©sidences > 514-343-6111 #1665 >
