Hi Pascal, Thanks for the bug report with the gdb output, it helps a lot to understand what is going on. OSSEC by default has a maximum limit of 256 agents and it seems that you have more than that and "ossec-remoted" is just crashing instead of generating an error about it.
Can you try the following snapshot: http://www.ossec.net/files/snapshots/ossec-hids-080301.tar.gz It should warn you about it instead of crashing. To increase the number of agents, just do: # cd src; make setmaxagents (it will ask you how many do you want.. ) # cd ../; ./install.sh *disregard my other e-mail, the extra debug is not necessary. Hope it helps. -- Daniel B. Cid dcid ( at ) ossec.net On Fri, Feb 29, 2008 at 12:50 PM, <[EMAIL PROTECTED]> wrote: > > Hi, > > I have around four hundred agents connecting to my ossec server, or should I > say used to connect to my ossec server. > Since today the ossec- remoted process crashes, and than not all agents are > able anymore to connect to the server. > I would appreciate any good ideas. > > OOOh yes, I tried this : > > gdb /var/ossec/bin/ossec-remoted > GNU gdb Red Hat Linux (6.5-25.el5rh) > Copyright (C) 2006 Free Software Foundation, Inc. > GDB is free software, covered by the GNU General Public License, and you are > welcome to change it and/or distribute copies of it under certain > conditions. > Type "show copying" to see the conditions. > There is absolutely no warranty for GDB. Type "show warranty" for details. > This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db > library "/lib/libthread_db.so.1". > > (gdb) set follow-fork-mode child > (gdb) run > Starting program: /var/ossec/bin/ossec-remoted > [Thread debugging using libthread_db enabled] > [New Thread -1208387904 (LWP 2529)] > [New process 2532] > [New process 2533] > [New LWP 2534] > > Program received signal SIGSEGV, Segmentation fault. > [Switching to LWP 2534] > 0x00221a48 in strcmp () from /lib/libc.so.6 > (gdb) bt > #0 0x00221a48 in strcmp () from /lib/libc.so.6 > #1 0x08049f2b in save_controlmsg (agentid=263, r_msg=0xbfd5a73d "agent > startup ") at manager.c:73 > #2 0x0804b2d1 in HandleSecure () at secure.c:201 > #3 0x0804ae53 in HandleRemote (position=0, uid=506) at remoted.c:101 > #4 0x08049ea7 in main (argc=1, argv=0xbfd5c044) at main.c:140 > (gdb) > > > > > Thank you very much indeed. > > > Pascal > > > -------------------- Disclaimer -------------------- > > This message and any attachments are confidential. If you have received this > message in error please delete it from your system. If you require any > assistance please notify the sender. The Internet cannot guarantee the > integrity of this message and/or its possible attachments. 3C Communications > International SA (3C) shall therefore not be liable for this message if > modified or intercepted by anyone. All reasonable precautionary measures > have been implemented to prevent the transmission of viruses within this > message and/or its possible attachments, 3C refuses to accept any > responsibility for any damage caused by the contamination of your > information system. >
