Hi,

I've been running PSAD on around 20 servers for a while now and lately PSAD
crashes randomly on almost all of these 20 servers. The log file shows
nothing in particular (attached), except for a (re)start.

The crash happens almost daily on any 1 server and the log always shows the
same. The configuration is the exact same on all servers (managed by
puppet). Puppet always restarts the PSAD service on each machine
successfully (no manual intervention required).

However, I would like to understand why it crashes in the first place.
Attached are my config file and answer file used to install PSAD. I'm using
version:

root@vps:/# psad -V
[+] psad v2.4.3 by Michael Rash <m...@cipherdyne.org>

I do see a bunch of notifications in the errs/psad.die file:

Sat Jun 11 18:22:46 2016 psad v2.4.3 pid: 21328 whois alarm at /usr/sbin/psad line 7397, <$fwdata_fh> line 1275.
Tue Jun 21 12:04:12 2016 psad v2.4.3 pid: 30888 whois alarm at /usr/sbin/psad line 7397, <$fwdata_fh> line 854.

These also show up in the psad.warn file:

Sat Jun 11 18:22:46 2016 psad v2.4.3 pid: 21328 whois alarm at /usr/sbin/psad line 7397, <$fwdata_fh> line 1275.
Tue Jun 21 12:04:12 2016 psad v2.4.3 pid: 30888 whois alarm at /usr/sbin/psad line 7397, <$fwdata_fh> line 854.

But they don't necessarily correspond to the time/date of the crash. The
attached logfile shows a restart for today, but no message appears in the
warn or die log.

Any clue as to what is wrong? Is this a configuration error? Or am I
encountering some sort of bug?

All my servers are running a completely up-to-date version of Ubuntu 14.04
server LTS:

root@vps:/# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 14.04.4 LTS
Release:        14.04
Codename:       trusty

Any help is very much appreciated!

Regards,
Rinck

Attachment: install.answers
Description: Binary data

Attachment: psad.log
Description: Binary data

Attachment: psad.conf
Description: Binary data
