No, it's a Centos 6 i686 server. The ossec I am running is from the atomic repo.
What's strange my second server, a Centos 6 x86 64 bit does NOT do this with the same package (obviously one is i686 other is x64) but same versions. I checked selinux and even set enforcing 0 to test. But roll back the package it does not happen on this i686 server. I suspect the package probably has a wrong permission or owner on a file, that's why it's effected, What logs can I check? That line refers to some ossec-logtest being run, so I suspect this. Obviously with two servers and one working once I can find out what it can be check the owners, etc and compare. Cheers, David Sent from my iPad On 16/08/2011, at 9:59, "dan (ddp)" <ddp...@gmail.com> wrote: > Is your system using upstart? That seems to be a problem for that line > in the script. > > On Mon, Aug 15, 2011 at 7:42 PM, webmas...@aus-city.com > <webmas...@aus-city.com> wrote: >> This only happened last week when I updated ossec-hids: >> >> /var/ossec/bin/ossec-control: line 209: echo: write error: Broken pipe >> >> Any idea's how to debug it? >> >> If I yum downgrade ossec* it goes away, so something is wrong.