Thanks! So it is a known issue :) Is the latest nightly got it fixed?
I can hassle atomic to rebuild it since it's broken. Do you have a bug number so I can send it to them as they said they can't find any issue. Cheers, David Sent from my iPad On 16/08/2011, at 10:13, "dan (ddp)" <[email protected]> wrote: > On Mon, Aug 15, 2011 at 8:07 PM, David Cottle <[email protected]> wrote: >> No, it's a Centos 6 i686 server. The ossec I am running is from the atomic >> repo. >> > > The reports I've seen are about Centos 6 + OSSEC 2.6. > >> What's strange my second server, a Centos 6 x86 64 bit does NOT do this with >> the same package (obviously one is i686 other is x64) but same versions. >> >> I checked selinux and even set enforcing 0 to test. But roll back the >> package it does not happen on this i686 server. >> >> I suspect the package probably has a wrong permission or owner on a file, >> that's why it's effected, >> >> What logs can I check? That line refers to some ossec-logtest being run, so >> I suspect this. >> > > Yes, line 209 runs ossec-logtest. You can comment out the line if you > need to. It's not necessary (it just checks the configuration to make > sure it isn't too broken). > > The problem's known, if nothing else. > >> Obviously with two servers and one working once I can find out what it can >> be check the owners, etc and compare. >> >> Cheers, >> David >> >> Sent from my iPad >> >> On 16/08/2011, at 9:59, "dan (ddp)" <[email protected]> wrote: >> >>> Is your system using upstart? That seems to be a problem for that line >>> in the script. >>> >>> On Mon, Aug 15, 2011 at 7:42 PM, [email protected] >>> <[email protected]> wrote: >>>> This only happened last week when I updated ossec-hids: >>>> >>>> /var/ossec/bin/ossec-control: line 209: echo: write error: Broken pipe >>>> >>>> Any idea's how to debug it? >>>> >>>> If I yum downgrade ossec* it goes away, so something is wrong. >>
