On Mon, Jun 10, 2019 at 3:17 PM Nate <[email protected]> wrote: > > Hi, > > My ossec-dbd process keeps crashing after a few days and I wanted to know how > I can go about getting more information out as to why it's happening because > the OSSEC logs are sparse (just info entries of the services starting up each > time): > > [U@secserv etc]# service ossec status > ossec-monitord is running... > ossec-logcollector is running... > ossec-remoted is running... > ossec-syscheckd is running... > ossec-analysisd is running... > ossec-maild is running... > ossec-execd is running... > ossec-dbd: Process 27555 not used by ossec, removing .. > ossec-dbd not running... > ossec-csyslogd not running... > ossec-agentlessd not running... > [U@secserv etc]# service ossec restart > Stopping OSSEC: [ OK ] > Starting OSSEC: [ OK ] > [U@secserv etc]# /var/ossec/bin/ossec-control > ossec-monitord is running... > ossec-logcollector is running... > ossec-remoted is running... > ossec-syscheckd is running... > ossec-analysisd is running... > ossec-maild is running... > ossec-execd is running... > ossec-dbd is running... > ossec-csyslogd not running... > ossec-agentlessd not running... > > > Currently my setup is Centos 6.9 with mysql 5.1.73. Before I spiral down the > rabbit hole of upgrades how can I enable some debugging on the server to > hopefully spot the ossec-dbd crashing? Is it just internal_options' > logcollector.debug=1 >
dbd and logcollector are different, so I don't think that will help. Running dbd with the `-d` flag could be useful. Running it under gdb and collecting a backtrace might be useful. Rebuilding OSSEC with `DEBUG=yes` would provide more information. `gdb /var/ossec/bin/ossec-dbd` When in gdb: set follow-fork-mode child run -d or just `run -df` > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ossec-list/38df63f8-020d-4470-b7ba-e228fa5b40af%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/CAMyQvMofj8c5EY4QBEwxHdcyuy7CyM_3HpG1aKvrHL8f-Y5VXQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
