Hello folks. I'm facing the same problem with ossec-csyslogd daemon. Every time I start the process, it crashes after a few minutes.

I've tried to get some gdb traces as asked and here is what I get:

Starting program: /var/ossec/bin/ossec-csyslogd
warning: no loadable sections found in added symbol-file system-supplied DSO at 0x2aaaaaaab000
[New process 503]

Program received signal SIGSEGV, Segmentation fault.
[Switching to process 504]
0x000000000040219f in inet_addr ()
(gdb) backtrace
#0  0x000000000040219f in inet_addr ()
#1  0x00000000004024bd in inet_addr ()
#2  0x000000000040289f in inet_addr ()
#3  0x00000031c081d994 in __libc_start_main () from /lib64/libc.so.6
#4  0x0000000000401d79 in inet_addr ()
#5  0x00007fffffffea38 in ?? ()
#6  0x0000000000000000 in ?? ()

The version installed is :

Thanks,
Regards
- Bruno

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of blacklight
Sent: Tuesday, June 7, 2011 23:43
To: ossec-list
Subject: [ossec-list] Re: Concern about the ossec-csyslogd daemon

If I were to put this daemon under gdb, I am concerned that I could be accumulating debugger data for weeks before this daemon crashes again. Hopefully, this daemon crash is a once in a blue moon event. On the other hand, once in a blue moon events are very hard to troubleshoot. If it's indeed a once in a blue moon event, I'll live with that.

BTW, I haven't found anything in the /var/log/messages that even hints at a crash. And from reading the /var/ossec/logs/ossec.log at the time of the crash, you'd think that the OSSEC service was the picture of health.

On Jun 7, 2:16 pm, Daniel Cid <[email protected]> wrote:
> It shouldn't segfault even during a package update... If any of you
> can run it under gdb, it would be awesome :)
>
> thanks,
>
> On Tue, Jun 7, 2011 at 1:44 PM, Jefferson, Shawn
> <[email protected]> wrote:
> > I looked back through my logs and here is the alert:
> >
> > ossec-alerts-06.log:Jun 6 10:12:55 bcfossec kernel: [501421.634671]
> > ossec-csyslogd[3014]: segfault at 0 ip b7775821 sp bfc4ffbc error 4
> > in libc-2.11.1.so[b7702000+153000]
> >
> > To the original poster: what OS are you running your OSSEC server on? I'm on Ubuntu 10.04.2 LTS. I wonder if the segfault was caused by some package being updated/upgraded?
> >
> > -----Original Message-----
> > From: [email protected]
> > [mailto:[email protected]] On Behalf Of Daniel Cid
> > Sent: Monday, June 06, 2011 6:48 PM
> > To: [email protected]
> > Subject: Re: [ossec-list] Concern about the ossec-csyslogd daemon
> >
> > At least OSSEC is reporting it :) And yes, try to run it under gdb
> > so we can see where it is crashing. Or try the latest snapshot to
> > see if it works there.
> >
> > Thanks,
> >
> > On Mon, Jun 6, 2011 at 6:58 PM, dan (ddp) <[email protected]> wrote:
> >> Please try running it under gdb:
> >>
> >> gdb ossec-csyslogd
> >>
> >> (gdb) set follow-fork-mode child
> >> (gdb) run
> >>
> >> On Mon, Jun 6, 2011 at 5:50 PM, Jefferson, Shawn
> >> <[email protected]> wrote:
> >>> Hey, I had the same crash too!
> >>>
> >>> -----Original Message-----
> >>> From: [email protected]
> >>> [mailto:[email protected]] On Behalf Of blacklight
> >>> Sent: Monday, June 06, 2011 2:36 PM
> >>> To: ossec-list
> >>> Subject: [ossec-list] Concern about the ossec-csyslogd daemon
> >>>
> >>> Hello Folks,
> >>>
> >>> I have a concern about the csyslogd daemon:
> >>>
> >>> 2011 Jun 04 13:51:03 Rule Id: 151601 level: 7
> >>> Location: ossec-server->/var/log/messages Grouping of kernel error
> >>> rules.
> >>> Jun 4 13:51:02 ossec-server kernel: ossec-csyslogd[21507]:
> >>> segfault at
> >>> 0000000000000000 rip 0000003dd8479a30 rsp 00007fff23ba3a88 error 4
> >>>
> >>> The ossec-csyslogd daemon crashed over the weekend over a single
> >>> segfault. I have no idea what caused this segfault. I am worried
> >>> that this daemon is less than rock solid.
> >>>
> >>> Regards,
