I experienced the issue with CentOS 5.5, which may be easier to find than 5.2 or 5.3.
Thanks, -- Doug Burks, GSE, CISSP President, Greater Augusta ISSA http://augusta.issa.org http://securityonion.blogspot.com On Wed, May 4, 2011 at 2:19 PM, dan (ddp) <[email protected]> wrote: > I'm trying to find a CentOS 5.2 or 5.3 ISO right now to see if I can > reproduce this. No luck so far. > > I don't think it's a packet thing, I think one of the components in > ossec-analysisd is interacting poorly with something in CentOS that > was updated (to a version that doesn't have a problem with what's in > OSSEC) between 5.3 and 5.6. > I haven't had time to track down the CentOS changelogs for clues though. > > On Wed, May 4, 2011 at 1:43 PM, Kat <[email protected]> wrote: >> PS - I can packet capture on both ends - what would you want to see??? >> >> On May 4, 11:11 am, Kat <[email protected]> wrote: >>> RHEL 5.3 >>> >>> Only "special" update is PHP 5.3, which would have nothing to do with >>> OSSEC, but mentioning it. >>> >>> I would be happy to supply some debug info. >>> >>> It was working flawlessly when first installed, then they just started >>> dropping off. Agents are a mixture of AIX 6.1 , RHEL 5.3 and Solaris >>> 10 >>> The only agents that have never exhibited any problems are the Windoze >>> boxes. >>> >>> -k >>> >>> On May 4, 10:59 am, "dan (ddp)" <[email protected]> wrote: >>> >>> > What OS/distro/revision are you using on your manager system? >>> > Daniel Cid has offered to help track it down, but he needs access to a >>> > system showing this issue. >>> > dan >
