I've tried to figure that out, but it was nigh on impossible. The closest is that file descriptor, "10" but that doesn't mean much. I didn't see a filename.
It turns out that it wasn't *just* "\0\0\0\0" over and over -- there were some other escape sequences in there as well. But nothing that looked like "normal" data to me. The box that is exhibiting this behavior is a build server. The error is triggered during a build of our product, during a test stage. The ossec component that freaks out is ossec-syscheckd. Some things that strike me as notable: * The build doesn't run in, or make changes to, any files or directories that are monitored by syscheck * I have set the options for syscheck to 'report_changes="yes" realtime="yes" check_all="yes"' for all the files/dirs syscheck monitors I don't really know what else to look at at this point so any troubleshooting pointers are welcome. Thanks! -JDS On Friday, July 29, 2016 at 8:20:23 AM UTC-4, dan (ddpbsd) wrote: > > > Does strace happen to mention which file it's trying to read when this > happens? > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
