Hi all,

I tried to update my ossec-server in my test environment from 2.4.1 to 2.5 and 
found the following issue:

At the end of the installation process I see the following message:

/var/ossec/bin/ossec-control: line 218:  5449 Segmentation fault      ${DIR}/bin/${i} ${DEBUG_CLI}

The same message occurs if I manually try to stop and start the ossec-daemons:

sles11-sp1-vm1-kus:~/ossec/2.5/ossec-hids-2.5 # /var/ossec/bin/ossec-control stop
ossec-monitord not running ..
Killing ossec-logcollector ..
Killing ossec-remoted ..
ossec-syscheckd not running ..
Killing ossec-analysisd ..
ossec-maild not running ..
ossec-execd not running ..
Killing ossec-dbd ..
OSSEC HIDS v2.5 Stopped
sles11-sp1-vm1-kus:~/ossec/2.5/ossec-hids-2.5 # /var/ossec/bin/ossec-control start
Starting OSSEC HIDS v2.5 (by Trend Micro Inc.)...
2010/09/28 11:17:22 ossec-testrule: INFO: Reading local decoder file.
Started ossec-dbd...
2010/09/28 11:17:23 ossec-maild: INFO: E-Mail notification disabled. Clean Exit.
Started ossec-maild...
Started ossec-execd...
Started ossec-analysisd...
Started ossec-logcollector...
Started ossec-remoted...
2010/09/28 11:17:23 ossec-syscheckd(1702): INFO: No directory provided for syscheck to monitor.
/var/ossec/bin/ossec-control: line 218:  5612 Segmentation fault      ${DIR}/bin/${i} ${DEBUG_CLI}

The ossec.log looks ok:

2010/09/28 11:17:23 ossec-remoted: INFO: Started (pid: 5609).
2010/09/28 11:17:23 ossec-remoted: INFO: Started (pid: 5611).
2010/09/28 11:17:23 ossec-remoted(4111): INFO: Maximum number of agents allowed: '256'.
2010/09/28 11:17:23 ossec-remoted(1410): INFO: Reading authentication keys file.
2010/09/28 11:17:23 ossec-remoted: INFO: Assigning counter for agent SLES10SP3VM: '18:6820'.
2010/09/28 11:17:23 ossec-remoted: INFO: Assigning counter for agent W2008R2: '14:3236'.
2010/09/28 11:17:23 ossec-remoted: INFO: Assigning counter for agent RHEL4U8VM: '24:690'.
2010/09/28 11:17:23 ossec-remoted: INFO: Assigning counter for agent W2K3R2VM1: '6:9681'.
2010/09/28 11:17:23 ossec-remoted: INFO: Assigning counter for agent Solaris10U8VM: '30:1165'.
2010/09/28 11:17:23 ossec-remoted: INFO: Assigning counter for agent SCOTDC201: '11:5439'.
2010/09/28 11:17:23 ossec-remoted: INFO: Assigning counter for agent VMWareESX35-MEI: '1:6500'.
2010/09/28 11:17:23 ossec-remoted: INFO: Assigning sender counter: 9:6099
2010/09/28 11:17:23 ossec-remoted(1501): ERROR: No IP or network allowed in the access list for syslog. No reason for running it. Exiting.
2010/09/28 11:17:23 ossec-syscheckd(1702): INFO: No directory provided for syscheck to monitor.
2010/09/28 11:17:26 ossec-dbd: INFO: Started (pid: 5589).
2010/09/28 11:17:29 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/messages'.
2010/09/28 11:17:29 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/mail.info'.
2010/09/28 11:17:29 ossec-logcollector: INFO: Started (pid: 5605).

Except for the segfault message, everything seems to be running.
Any ideas or anybody with the same issue?

Thanks and regards,

Kai-Uwe
