Try this patch from here: https://bitbucket.org/dcid/ossec-hids/commits/eb98bdae15cec6ccf04190d0badbd3b0de6f84b7
As it may fix the problem.

thanks,

On Mon, Apr 18, 2016 at 7:16 PM, theresa mic-snare <[email protected]> wrote:
> will need to take a proper look at what's causing those segfaults
> tomorrow...
>
>
> On Tuesday, 19 April 2016 00:11:45 UTC+2, theresa mic-snare wrote:
>>
>> oh no!!
>> OSSEC segfaulted
>>
>> 2016-04-19T00:01:58.311800+02:00 tron kernel: ossec-monitord[20021]: segfault at 1a ip 00007f68290ab8b5
>> sp 00007fff84248bc0 error 4 in libc-2.12.so[7f6829008000+18a000]
>>
>> since this was 1 minute after midnight I suspect reportd causes this....
>>
>> this is what the OSSEC log has to say:
>>
>> 2016/04/19 00:01:53 ossec-monitord: INFO: Starting daily reporting for 'OSSEC: Authentication Report'
>> 2016/04/19 00:01:58 ossec-monitord: INFO: Report 'OSSEC: Authentication Report' completed. Creating output...
>> 2016/04/19 00:02:13 ossec-monitord: INFO: Starting daily reporting for 'Daily report: File changes'
>> 2016/04/19 00:02:18 ossec-monitord: INFO: Report 'Daily report: File changes' completed. Creating output...
>>
>> a few seconds later another segfault
>>
>> 2016-04-19T00:02:18.278790+02:00 tron kernel: ossec-monitord[20062]: segfault at 1a ip 00007f68290ab8b5
>> sp 00007fff84248bc0 error 4 in libc-2.12.so[7f6829008000+18a000]
>>
>> Hmm... :(
>>
>> On Monday, 18 April 2016 17:37:48 UTC+2, dan (ddpbsd) wrote:
>>>
>>> On Mon, Apr 18, 2016 at 11:34 AM, theresa mic-snare
>>> <[email protected]> wrote:
>>> > Awesome, thanks for the tip Dan!
>>> > I will look for it tonight, if it actually works and does send a report,
>>> > then I will send a PR with a disclaimer on the documentation page, because
>>> > it isn't mentioned there yet.
>>> >
>>>
>>> Much appreciated!
>>>
>>> > I have also looked at the code to see if I could find any indicator when the
>>> > email would be sent...but alas, I haven't found anything there either.
>>> >
>>>
>>> My bad memory is telling me monitord is the place to look.
>>>
>>> >
>>> > On Monday, 18 April 2016 17:24:37 UTC+2, theresa mic-snare wrote:
>>> >>
>>> >> Hi all,
>>> >>
>>> >> I've configured reportd to send reports on syscheck and successful
>>> >> authentication
>>> >>
>>> >> <reports>
>>> >>   <category>authentication_success</category>
>>> >>   <title>OSSEC: Authentication Report</title>
>>> >>   <email_to>[email protected]</email_to>
>>> >>   <showlogs>yes</showlogs>
>>> >> </reports>
>>> >>
>>> >> <reports>
>>> >>   <category>syscheck</category>
>>> >>   <title>Daily report: File changes</title>
>>> >>   <email_to>[email protected]</email_to>
>>> >> </reports>
>>> >>
>>> >>
>>> >> However, I can run those reports fine in the terminal, but it doesn't send
>>> >> any reports through email.
>>> >>
>>> >> Yes: I have checked that ossec-maild is running.... it is, I swear!
>>> >> Yes: I have checked the spam/junk folder in my inbox as well.... I swear!
>>> >>
>>> >> When I run reportd manually it displays the report just fine....and even
>>> >> in the logs it says
>>> >>
>>> >> 2016/04/18 17:13:49 ossec-reportd: INFO: Report completed. Creating output...
>>> >>
>>> >> I'd expect it at least to say this after I restart OSSEC as well?
>>> >>
>>> >> When does ossec-reportd run or does it have to be started through a cronjob?
>>> >> Does the mailing of reports work for you?
>>> >>
>>> >> best,
>>> >> theresa
>>> >
>>> > --
>>> >
>>> > ---
>>> > You received this message because you are subscribed to the Google Groups
>>> > "ossec-list" group.
>>> > To unsubscribe from this group and stop receiving emails from it, send an
>>> > email to [email protected].
>>> > For more options, visit https://groups.google.com/d/optout.
