oh no!! OSSEC segfaulted

2016-04-19T00:01:58.311800+02:00 tron kernel: ossec-monitord[20021]: segfault at 1a ip 00007f68290ab8b5 sp 00007fff84248bc0 error 4 in libc-2.12.so[7f6829008000+18a000]

Since this was 1 minute after midnight I suspect reportd causes this....

This is what the OSSEC log has to say:

2016/04/19 00:01:53 ossec-monitord: INFO: Starting daily reporting for 'OSSEC: Authentication Report'
2016/04/19 00:01:58 ossec-monitord: INFO: Report 'OSSEC: Authentication Report' completed. Creating output...
2016/04/19 00:02:13 ossec-monitord: INFO: Starting daily reporting for 'Daily report: File changes'
2016/04/19 00:02:18 ossec-monitord: INFO: Report 'Daily report: File changes' completed. Creating output...

A few seconds later another segfault:

2016-04-19T00:02:18.278790+02:00 tron kernel: ossec-monitord[20062]: segfault at 1a ip 00007f68290ab8b5 sp 00007fff84248bc0 error 4 in libc-2.12.so[7f6829008000+18a000]

Hmm... :(

On Monday, 18 April 2016 17:37:48 UTC+2, dan (ddpbsd) wrote:
>
> On Mon, Apr 18, 2016 at 11:34 AM, theresa mic-snare <[email protected]> wrote:
> > Awesome, thanks for the tip Dan!
> > I will look for it tonight, if it actually works and does send a report,
> > then I will send a PR with a disclaimer on the documentation page, because
> > it isn't mentioned there yet.
> >
> > Much appreciated!
> >
> > I have also looked at the code to see if I could find any indicator when the
> > email would be sent...but alas, I haven't found anything there either.
> >
>
> My bad memory is telling me monitord is the place to look.
>
> >
> > On Monday, 18 April 2016 17:24:37 UTC+2, theresa mic-snare wrote:
> >>
> >> Hi all,
> >>
> >> I've configured reportd to send reports on syscheck and successful
> >> authentication
> >>
> >> <reports>
> >>   <category>authentication_success</category>
> >>   <title>OSSEC: Authentication Report</title>
> >>   <email_to>[email protected]</email_to>
> >>   <showlogs>yes</showlogs>
> >> </reports>
> >>
> >> <reports>
> >>   <category>syscheck</category>
> >>   <title>Daily report: File changes</title>
> >>   <email_to>[email protected]</email_to>
> >> </reports>
> >>
> >> However, I can run those reports fine in the terminal, but it doesn't send
> >> any reports through email.
> >>
> >> Yes: I have checked that ossec-maild is running.... it is, I swear!
> >> Yes: I have checked the spam/junk folder in my inbox as well.... I swear!
> >>
> >> When I run reportd manually it displays the report just fine....and even
> >> in the logs it says
> >>
> >> 2016/04/18 17:13:49 ossec-reportd: INFO: Report completed. Creating output...
> >>
> >> I'd expect it at least to say this after I restart OSSEC as well?
> >>
> >> When does ossec-reportd run or does it have to be started through a
> >> cronjob?
> >> Does the mailing of reports work for you?
> >>
> >> best,
> >> theresa
> >
> > --
> >
> > ---
> > You received this message because you are subscribed to the Google Groups
> > "ossec-list" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to [email protected].
> > For more options, visit https://groups.google.com/d/optout.
>
