Michael,

Indeed, I am running ossec on CentOS 5.2 x86_64, so maybe this is platform (architecture) specific. I may remember having read something about a segfault on x86_64 on the list... but can't find the post right now.

I found the answer about my question regarding syscheck_update, that tool empties the syscheck database and ossec should be stopped before running it. (or restarted afterwards)
The right tool here would be agent_control. (running syscheck immediately)

regards,
matthias

On Mar 25, 2:47 pm, Michael Caplan <[email protected]> wrote:
> Matthias,
>
> I'm wondering if this is a platform specific issue. By any chance, are
> you running on 64bit linux? I'm running 64bit CentOS 5.2. I don't have
> this issue on a 32bit install of CentOS 5.2.
>
> Thanks,
>
> Mike
>
> On Wed, 2009-03-25 at 08:12 -0400, ddp wrote:
> > Try "-u local"
> > -u local Update syscheck database locally.
> >
> > I'm not getting a segfault for local or remote clients. Not even
> > clients that aren't connected.
> >
> > dan
> >
> > On Tue, Mar 24, 2009 at 7:09 PM, matthias platzer <[email protected]>
> > wrote:
> > >
> > > hi,
> > >
> > > I just upgraded to 2.0...
> > > same here, seg fault with local and agent id
> > > ./syscheck_control -i 006
> > >
> > > Integrity changes for agent 'wsus (006) - x.x.x.x':
> > > Segmentation fault
> > >
> > > immediately after issuing
> > > ./syscheck_update -u 006
> > > the seg fault is gone for the agent 006.
> > >
> > > But ./syscheck_update -u 000
> > >
> > > ** Invalid agent id '000'
> > >
> > > How could I update for the local server 000 ?
> > >
> > > Anyway, from ./syscheck_control -h
> > > "-u <id> Updates (clear) the database for the agent."
> > >
> > > Does this mean, clear the database and build a new one or just update
> > > it by running syscheck. And what for is syscheck_update then?
> > > And what would be the proper way to run syscheck on an agent (from the
> > > server) ?
> > >
> > > BTW, I might have found a bug:
> > > On a Windows 2000 Server, agent-2.0, setting syscheck.sleep_after=150
> > > in internal_options.conf prevents the agent from startup.
> > >
> > > tia+regards,
> > > matthias
