Hi Matthias,

Can you try the following snapshot?
http://www.ossec.net/files/snapshots/ossec-hids-090326.tar.gz

I believe we fixed this issue in there.

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net

On Wed, Mar 25, 2009 at 5:22 PM, matthias platzer <[email protected]> wrote:
>
> Michael,
>
> Indeed, I am running ossec on Centos 5.2 x86_64, so maybe this is
> platform(architecture) specific. I may remember having read something
> about a segfault on x86_64 on the list... but can't find the post
> right now.
>
> I found the answer about my question regarding syscheck_update, that
> tool empties the syscheck database and ossec should be stopped before
> running it. (or restarted afterwards) The right tool here would be
> agent_control. (running syscheck immediately)
>
> regards,
> matthias
>
> On Mar 25, 2:47 pm, Michael Caplan <[email protected]>
> wrote:
>> Matthias,
>>
>> I'm wondering if this is a platform specific issue. By any chance, are
>> you running on 64bit linux? I'm running 64bit CentOS 5.2. I don't have
>> this issue on a 32bit install of CentOS 5.2.
>>
>> Thanks,
>>
>> Mike
>>
>>
>>
>> On Wed, 2009-03-25 at 08:12 -0400, ddp wrote:
>> > Try "-u local"
>> > -u local Update syscheck database locally.
>>
>> > I'm not getting a segfault for local or remote clients. Not even
>> > clients that aren't connected.
>>
>> > dan
>>
>> > On Tue, Mar 24, 2009 at 7:09 PM, matthias platzer <[email protected]>
>> > wrote:
>>
>> > > hi,
>>
>> > > I just upgraded to 2.0...
>> > > same here, seg fault with local and agent id
>> > > ./syscheck_control -i 006
>>
>> > > Integrity changes for agent 'wsus (006) - x.x.x.x':
>> > > Segmentation fault
>>
>> > > immediately after issuing
>> > > ./syscheck_update -u 006
>> > > the seg fault is gone for the agent 006.
>>
>> > > But ./syscheck_update -u 000
>>
>> > > ** Invalid agent id '000'
>>
>> > > How could I update for the local server 000 ?
>>
>> > > Anyway, from ./syscheck_control -h
>> > > "-u <id> Updates (clear) the database for the agent."
>>
>> > > Does this mean, clear the database and build a new one or just update
>> > > it by running syscheck. And what for is syscheck_update then?
>> > > And what would be the proper way to run syscheck on an agent (from the
>> > > server) ?
>>
>> > > BTW, I might have found a bug:
>> > > On a Windows 2000 Server, agent-2.0, setting syscheck.sleep_after=150
>> > > in internal_options.conf prevents the agent from startup.
>>
>> > > tia+regards,
>> > > matthias
