Kind of off the wall: Do you have very long agent names?
On Tue, Mar 27, 2012 at 4:46 PM, MDACC-Luckie <luckief...@gmail.com> wrote: > Our config is pretty standard with respect to the ossec.conf. The > only non-standard thing we have is that we are usiing port 9025 for > SMTP on the mail server we are using rather than 25. We have that > changed in the sendmail.c file that is used when everything is > compiled: > > OSSEC.CONF > > <global> > <email_notification>yes</email_notification> > <email_to>os...@xxxxxxxxxx.xxx</email_to> > <smtp_server>dcprpafszenoss2.xxxxxxxxxx.xxx</smtp_server> > <email_from>oss...@xxxxxxxxxx.xxx</email_from> > <email_maxperhour>1000</email_maxperhour> > </global> > > SENDMAIL.C > > /* Default values use to connect */ > #define SMTP_DEFAULT_PORT 9025 > #define HELOMSG "Helo notify.ossec.net\r\n" > #define MAILFROM "Mail From: <%s>\r\n" > #define RCPTTO "Rcpt To: <%s>\r\n" > #define DATAMSG "DATA\r\n" > #define FROM "From: OSSEC HIDS <%s>\r\n" > #define TO "To: <%s>\r\n" > #define CC "Cc: <%s>\r\n" > #define SUBJECT "Subject: %s\r\n" > #define ENDDATA "\r\n.\r\n" > #define QUITMSG "QUIT\r\n" > > It was working prior to the increase of the number of agents supported > and the recompile. I ran a tcpdump on the manager and don't see the > manager even attempting to try to connect to the SMTP host on port > 9025, only using the agent/manager connection between the two boxes. > > > > On Mar 27, 3:36 pm, "dan (ddp)" <ddp...@gmail.com> wrote: >> What's your mail configuration in the manager's ossec.conf? >> >> I wish ossec was compiled with -ggdb by default. It might make the gdb >> information a bit easier to follow. >> >> >> >> On Thu, Mar 22, 2012 at 1:47 PM, MDACC-Luckie <luckief...@gmail.com> wrote: >> > I increased the number of agents my installation was capable of >> > supporting, reinstalled and then copied my saved ossec.conf file and >> > internal_options.conf into the ossec/etc directory and restarted >> > ossec. My ossec-maild daemon starts, runs for a few seconds and then >> > dies. >> >> > I ran the following based on a previous email thread I saw and have >> > attached the results. Please let me know if anyone has ideas on why >> > it is happening: >> >> > [root@dcprpoemprddb1 logs]# gdb /opt/ossec/bin/ossec-maild >> > GNU gdb (GDB) Red Hat Enterprise Linux (7.0.1-23.el5_5.2) >> > Copyright (C) 2009 Free Software Foundation, Inc. >> > License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/ >> > gpl.html> >> > This is free software: you are free to change and redistribute it. >> > There is NO WARRANTY, to the extent permitted by law. Type "show >> > copying" >> > and "show warranty" for details. >> > This GDB was configured as "x86_64-redhat-linux-gnu". >> > For bug reporting instructions, please see: >> > <http://www.gnu.org/software/gdb/bugs/>... >> > Reading symbols from /opt/ossec/bin/ossec-maild...done. >> > (gdb) set follow-fork-mode child >> > (gdb) run >> > Starting program: /opt/ossec/bin/ossec-maild >> > [New process 2615] >> > [New process 2616] >> >> > Program received signal SIGSEGV, Segmentation fault. >> > [Switching to process 2616] >> > 0x000000387c879b60 in strlen () from /lib64/libc.so.6 >> > (gdb) bt >> > #0 0x000000387c879b60 in strlen () from /lib64/libc.so.6 >> > #1 0x000000387c846cb9 in vfprintf () from /lib64/libc.so.6 >> > #2 0x000000387c8699da in vsnprintf () from /lib64/libc.so.6 >> > #3 0x000000387c84d5e3 in snprintf () from /lib64/libc.so.6 >> > #4 0x0000000000402d66 in OS_RecvMailQ (fileq=0x635640, >> > p=0x387cb56cc0, Mail=0x7fffffffe870, msg_sms=0x7fffffffe7e0) >> > at os_maild_client.c:96 >> > #5 0x0000000000402848 in OS_Run (mail=0x7fffffffe870) at maild.c:381 >> > #6 0x00000000004023d0 in main (argc=1, argv=0x7fffffffe9f8) at >> > maild.c:171 >> > (gdb)- Hide quoted text - >> >> - Show quoted text -
