will need to take a proper look at what's causing those segfaults tomorrow...
Am Dienstag, 19. April 2016 00:11:45 UTC+2 schrieb theresa mic-snare: > > oh no!! > OSSEC segfaulted > > 2016-04-19T00:01:58.311800+02: > 00 tron kernel: ossec-monitord[20021]: segfault at 1a ip 00007f68290ab8b5 > sp 00007fff84248bc0 error 4 in libc-2.12.so[7f6829008000+18a000] > > since this was 1 Minute after midnight I suspect reportd causes this.... > > this is what the OSSEC log has to say: > > 2016/04/19 00:01:53 ossec-monitord: INFO: Starting daily reporting for > 'OSSEC: > Authentication Report' > 2016/04/19 00:01:58 ossec-monitord: INFO: Report 'OSSEC: Authentication > Report' completed. Creating output... > 2016/04/19 00:02:13 ossec-monitord: INFO: Starting daily reporting for 'Daily > report: File changes' > 2016/04/19 00:02:18 ossec-monitord: INFO: Report 'Daily report: File > changes' completed. Creating output... > > a few seconds later another segfault > > 2016-04-19T00:02:18.278790+02: > 00 tron kernel: ossec-monitord[20062]: segfault at 1a ip 00007f68290ab8b5 > sp 00007fff84248bc0 error 4 in libc-2.12.so[7f6829008000+18a000] > > Hmm... :( > > Am Montag, 18. April 2016 17:37:48 UTC+2 schrieb dan (ddpbsd): >> >> On Mon, Apr 18, 2016 at 11:34 AM, theresa mic-snare >> <[email protected]> wrote: >> > Awesome, thanks for the tip Dan! >> > I will look for it tonight, if it actually works and does send a >> report, >> > then I will send a PR with a disclaimer on the documentation page, >> because >> > it isn't mentioned there yet. >> > >> >> Much appreciated! >> >> > I have also looked at the code to see if I could find any indicator >> when the >> > email would be sent...but alas, I haven't found anything there either. >> > >> >> My bad memory is telling me monitord is the place to look. >> >> > >> > Am Montag, 18. April 2016 17:24:37 UTC+2 schrieb theresa mic-snare: >> >> >> >> Hi all, >> >> >> >> I've configured reportd to send reports on syscheck and successful >> >> authentication >> >> >> >> <reports> >> >> <category>authentication_success</category> >> >> <title>OSSEC: Authentication Report</title> >> >> <email_to>[email protected]</email_to> >> >> <showlogs>yes</showlogs> >> >> </reports> >> >> >> >> <reports> >> >> <category>syscheck</category> >> >> <title>Daily report: File changes</title> >> >> <email_to>[email protected]</email_to> >> >> </reports> >> >> >> >> >> >> However, I can run those reports fine in the terminal, but it doesn't >> send >> >> any reports through email. >> >> >> >> Yes: I have checked that ossec-maild is running.... it is, I swear! >> >> Yes: I have checked the spam/junk folder in my inbox as well.... I >> swear! >> >> >> >> When I run reportd manually it displays the report just fine....and >> even >> >> in the logs it says >> >> >> >> 2016/04/18 17:13:49 ossec-reportd: INFO: Report completed. Creating >> >> output... >> >> >> >> I'd expect it at least to say this after I restart OSSEC as well? >> >> >> >> When does ossec-reportd run or does it have to be started through a >> >> cronjob? >> >> Does the mailing of reports work for you? >> >> >> >> best, >> >> theresa >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> an >> > email to [email protected]. >> > For more options, visit https://groups.google.com/d/optout. >> > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
