This is the first segfault I've had running the system for months and months, so I don't think it makes sense for me to run it under gdb (unless I see more segfaults, and then I definitely will.)
-----Original Message----- From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On Behalf Of Daniel Cid Sent: Tuesday, June 07, 2011 11:16 AM To: ossec-list@googlegroups.com Subject: Re: [ossec-list] Concern about the ossec-csyslogd daemon It shouldn't segfault even during a package update... If any of you can run it under gdb, it would be awesome :) thanks, On Tue, Jun 7, 2011 at 1:44 PM, Jefferson, Shawn <shawn.jeffer...@bcferries.com> wrote: > I looked back through my logs and here is the alert: > > ossec-alerts-06.log:Jun 6 10:12:55 bcfossec kernel: [501421.634671] > ossec-csyslogd[3014]: segfault at 0 ip b7775821 sp bfc4ffbc error 4 in > libc-2.11.1.so[b7702000+153000] > > To the original poster: what OS are you running your OSSEC server on? I'm on > Ubuntu 10.04.2 LTS. I wonder if the segfault was caused by some package > being updated/upgraded? > > > -----Original Message----- > From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On > Behalf Of Daniel Cid > Sent: Monday, June 06, 2011 6:48 PM > To: ossec-list@googlegroups.com > Subject: Re: [ossec-list] Concern about the ossec-csyslogd daemon > > At least OSSEC is reporting it :) And yes, try to run it under gdb so > we can see where it is crashing. Or try the latest snapshot > to see if it works there. > > Thanks, > > On Mon, Jun 6, 2011 at 6:58 PM, dan (ddp) <ddp...@gmail.com> wrote: >> Please try running it under gdb: >> >> gdb ossec-csyslogd >> >> (gdb) set follow-fork-mode child >> (gdb) run >> >> >> On Mon, Jun 6, 2011 at 5:50 PM, Jefferson, Shawn >> <shawn.jeffer...@bcferries.com> wrote: >>> Hey, I had the same crash too! >>> >>> -----Original Message----- >>> From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On >>> Behalf Of blacklight >>> Sent: Monday, June 06, 2011 2:36 PM >>> To: ossec-list >>> Subject: [ossec-list] Concern about the ossec-csyslogd daemon >>> >>> Hello Folks, >>> >>> I have a concern about the csyslogd demon: >>> >>> 2011 Jun 04 13:51:03 Rule Id: 151601 level: 7 >>> Location: ossec-server->/var/log/messages >>> Grouping of kernel error rules. >>> Jun 4 13:51:02 ossec-server kernel: ossec-csyslogd[21507]: segfault at >>> 0000000000000000 rip 0000003dd8479a30 rsp 00007fff23ba3a88 error 4 >>> >>> The ossec-csyslogd daemon crashed over the weekend over a single >>> segfault. I have no idea what caused this segfault. I am worried that >>> this daemon is less than rock solid. >>> >>> Regards, >>> >> >