I looked back through my logs and here is the alert: ossec-alerts-06.log:Jun 6 10:12:55 bcfossec kernel: [501421.634671] ossec-csyslogd[3014]: segfault at 0 ip b7775821 sp bfc4ffbc error 4 in libc-2.11.1.so[b7702000+153000]
To the original poster: what OS are you running your OSSEC server on? I'm on Ubuntu 10.04.2 LTS. I wonder if the segfault was caused by some package being updated/upgraded? -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Daniel Cid Sent: Monday, June 06, 2011 6:48 PM To: [email protected] Subject: Re: [ossec-list] Concern about the ossec-csyslogd daemon At least OSSEC is reporting it :) And yes, try to run it under gdb so we can see where it is crashing. Or try the latest snapshot to see if it works there. Thanks, On Mon, Jun 6, 2011 at 6:58 PM, dan (ddp) <[email protected]> wrote: > Please try running it under gdb: > > gdb ossec-csyslogd > > (gdb) set follow-fork-mode child > (gdb) run > > > On Mon, Jun 6, 2011 at 5:50 PM, Jefferson, Shawn > <[email protected]> wrote: >> Hey, I had the same crash too! >> >> -----Original Message----- >> From: [email protected] [mailto:[email protected]] On >> Behalf Of blacklight >> Sent: Monday, June 06, 2011 2:36 PM >> To: ossec-list >> Subject: [ossec-list] Concern about the ossec-csyslogd daemon >> >> Hello Folks, >> >> I have a concern about the csyslogd demon: >> >> 2011 Jun 04 13:51:03 Rule Id: 151601 level: 7 >> Location: ossec-server->/var/log/messages >> Grouping of kernel error rules. >> Jun 4 13:51:02 ossec-server kernel: ossec-csyslogd[21507]: segfault at >> 0000000000000000 rip 0000003dd8479a30 rsp 00007fff23ba3a88 error 4 >> >> The ossec-csyslogd daemon crashed over the weekend over a single >> segfault. I have no idea what caused this segfault. I am worried that >> this daemon is less than rock solid. >> >> Regards, >> >
