-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Adding an absurd amount of verbose() calls, I tracked down my
problem: I was trying to verify integrity of named files in my
Fedora named chroot jail. read_dir() in create_db.c never finished
in the /var/named/chroot/proc directory.
So if anyone else running named chrooted in /var/named/chroot adds
<directories check_all="yes">/var/named</directories> to ossec.conf,
you probably want to add a corresponding
<ignore>/var/named/chroot/proc</ignore>. I imagine this would be a
problem for other chrooted software; however, once I tracked down
where the problem was and added the ignore line, I stopped
troubleshooting. It's not clear to me exactly why it was unhappy,
but it is clear that checking the integrity of things in /proc does
not make much sense -- those are too ephemeral.
-David

David Williams wrote:
> Hi,
> I have a small OSSEC installation and one of my agents won't check
> on more than one file. I've let it run for a while (a day or more).
> I'm getting alerts about logs so the communication between client
> and server is OK, and I see the syscheck file grow but only by one
> or two files for every restart of the agent. syscheck is running
> (status and top both report it working fine).
> Are there any troubleshooting tips I should try or do I just
> recreate the agent and see if that fixes it?
> Thanks for any pointers,
> -David
- --
_______________________________________________
GPG (http://www.gnupg.org/) key available from:
http://www.kayakero.net/per/david/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFHFl0zCzuSgviBh00RAqZiAJ4/gMFzpRNwhWgmcEGXIYOEu99njQCgyxf5
CtojCew1Gba+3Me0SQJJ/14=
=rmq9
-----END PGP SIGNATURE-----
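
A pre-flight check for the situation described in the message above, as an added example that is not part of the original post or of OSSEC: it reads the syscheck `<directories>` and `<ignore>` entries from ossec.conf text and reports kernel pseudo-filesystem mount points that sit under a monitored directory without a covering ignore. It goes beyond the one case in the message by also checking sysfs and devpts. Assumptions: the chroot's proc directory is a mounted procfs listed in /proc/mounts, plain `<ignore>` entries are treated as path prefixes, and the sample config and mount table are constructed.

```python
import xml.etree.ElementTree as ET
from pathlib import PurePosixPath

# Kernel-generated filesystem types to keep out of integrity checks (assumed list).
PSEUDO_FS = {"proc", "sysfs", "devpts"}

# Constructed sample input, not taken from a real host.
SAMPLE_CONF = """
<ossec_config>
  <syscheck>
    <directories check_all="yes">/etc,/usr/bin</directories>
    <directories check_all="yes">/var/named</directories>
    <ignore>/etc/mtab</ignore>
  </syscheck>
</ossec_config>
"""
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw 0 0
proc /proc proc rw 0 0
proc /var/named/chroot/proc proc rw 0 0
"""

def _within(path, parent):
    """True if path equals parent or lies below it."""
    p, q = PurePosixPath(path), PurePosixPath(parent)
    return p == q or q in p.parents

def syscheck_paths(conf_text):
    """Return (monitored directories, plain ignore paths) from ossec.conf text."""
    # ossec.conf may hold several <ossec_config> roots; wrap them so it parses.
    root = ET.fromstring("<wrap>" + conf_text + "</wrap>")
    dirs, ignores = [], []
    for sc in root.iter("syscheck"):
        for d in sc.findall("directories"):
            dirs += [x.strip() for x in (d.text or "").split(",") if x.strip()]
        # Skip typed (regex) ignores; only literal paths are compared here.
        ignores += [(i.text or "").strip() for i in sc.findall("ignore")
                    if i.get("type") is None]
    return dirs, ignores

def missing_ignores(conf_text, mounts_text):
    """Pseudo-fs mount points under a monitored directory with no ignore entry."""
    dirs, ignores = syscheck_paths(conf_text)
    found = set()
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[2] in PSEUDO_FS:
            mnt = fields[1]
            if any(_within(mnt, d) for d in dirs) and not any(_within(mnt, i) for i in ignores):
                found.add(mnt)
    return sorted(found)

if __name__ == "__main__":
    for m in missing_ignores(SAMPLE_CONF, SAMPLE_MOUNTS):
        print(f"<ignore>{m}</ignore>")
```

On a live agent, pass the contents of the agent's ossec.conf and of /proc/mounts instead of the sample strings.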