On Fri, Mar 8, 2013 at 1:51 PM, kody abney <[email protected]> wrote: > Hello, howdy. I've been setting up OSSEC on a few different servers and I > really love it. I had a minor issue before with the agents, but this awesome > mailing list helped me figure it out. I now have my server and about 10 > hosts running perfectly. I did run into two strange situations though and am > not sure on the error. I thought perhaps it was the kernel version, but they > aren't the same kernel. This is the error I get on a fresh install while > trying to start the ossec agent; > > " > root@test/var/log# /var/ossec/bin/ossec-control restart > ossec-logcollector not running .. > ossec-syscheckd not running .. > ossec-agentd not running .. > ossec-execd not running .. > OSSEC HIDS v2.7 Stopped > Starting OSSEC HIDS v2.7 (by Trend Micro Inc.)... > Segmentation fault > " > > And my syslog actually grabs this error; > > > "Mar 8 10:48:57 test kernel: [774082.619228] ossec-execd[19295]: segfault > at 60e380 ip 000000000060e380 sp 00007fff9cd29a18 error 15 in > ossec-execd[60e000+1000]" > > The other server had the same exact error. I googled a bit but didn't see > much prudent information. One server is a dedicated FTP server, the other is > a web server, nothing much running. I'm not sure what the error indicates, > even if it specifies the ossec-execd has an error. > > Anyone have this similar problem? I can provide further information. There > is no error on the host server. > > > Much thanks, and have a nice day!! > > > Kody Abney > > Streaming Media Hosting >
Are these OSSEC server or OSSEC agents? What is your active response configuration? Try running ossec-execd under gdb: gdb /var/ossec/bin/ossec-execd set follow-fork-mode child run -df After it crashes run something like: bt And provide the output. > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
