Do any other daemons do this?
On Thu, Feb 23, 2012 at 6:07 AM, Florian Crouzat
<[email protected]> wrote:
> Hi list,
>
> I think ossec could benefits to check it's decoder and rules constistancy
> before stopping the daemon and failling to start when doing
> "/etc/init.d/ossec-hids restart" (using ossec-analysisd?)
>
> Doing so will avoid loosing logs while trying to understand what is wrong
> with the configuration. You might tell me I should myself use ossec-logtest
> before restarting but developers should think users are stupid ;)
>
That's sad. :( I assume the stupid users are the ones using something else.
> I also realized that the console (std{err,out}) message(s) when failing to
> start because of a broken decoder doesn't help, at all:
>
> 2012/02/23 11:57:44 ossec-syscheckd(1210): NOTICE: Queue is
> '/var/ossec/queue/ossec/queue'.
> [...]
> 2012/02/23 11:58:05 ossec-syscheckd(1210): NOTICE: Queue is
> '/var/ossec/queue/ossec/queue'.
> 2012/02/23 11:58:05 ossec-rootcheck(1211): ERROR: Unable to access queue:
> '/var/ossec/queue/ossec/queue'. Giving up..
>
> The correct messages appear in /var/ossec/logs/ossec.log but not on
> std{err,out}, ossec-analysisd should probably logs to the console too.
>
> 2012/02/23 11:57:41 ossec-analysisd: Invalid decoder name: 'unison'.
> 2012/02/23 11:57:41 ossec-analysisd(1220): ERROR: Error loading the rules:
> 'local_rules.xml'.
>
>
> --
> Cheers,
> Florian Crouzat
