On Mon, Aug 15, 2011 at 8:07 PM, David Cottle <[email protected]> wrote: > No, it's a Centos 6 i686 server. The ossec I am running is from the atomic > repo. >
The reports I've seen are about Centos 6 + OSSEC 2.6. > What's strange my second server, a Centos 6 x86 64 bit does NOT do this with > the same package (obviously one is i686 other is x64) but same versions. > > I checked selinux and even set enforcing 0 to test. But roll back the package > it does not happen on this i686 server. > > I suspect the package probably has a wrong permission or owner on a file, > that's why it's effected, > > What logs can I check? That line refers to some ossec-logtest being run, so I > suspect this. > Yes, line 209 runs ossec-logtest. You can comment out the line if you need to. It's not necessary (it just checks the configuration to make sure it isn't too broken). The problem's known, if nothing else. > Obviously with two servers and one working once I can find out what it can be > check the owners, etc and compare. > > Cheers, > David > > Sent from my iPad > > On 16/08/2011, at 9:59, "dan (ddp)" <[email protected]> wrote: > >> Is your system using upstart? That seems to be a problem for that line >> in the script. >> >> On Mon, Aug 15, 2011 at 7:42 PM, [email protected] >> <[email protected]> wrote: >>> This only happened last week when I updated ossec-hids: >>> >>> /var/ossec/bin/ossec-control: line 209: echo: write error: Broken pipe >>> >>> Any idea's how to debug it? >>> >>> If I yum downgrade ossec* it goes away, so something is wrong. >
