I have successfully installed the ossec server on Solaris 10 with one minor problem: as soon as the ossec server begins to write to the database, ossec-dbd crashes.
When I restart the ossec server, all of the daemon processes run fine:

=======================
ossec-monitord is running...
ossec-logcollector is running...
ossec-remoted is running...
ossec-syscheckd is running...
ossec-analysisd is running...
ossec-maild is running...
ossec-execd is running...
ossec-dbd is running...
======================

However, as a test, I try to generate an alert and see if it gets logged into the database. But as soon as it tries to write into the database, ossec-dbd stops. Here are the steps that I took to generate the alert:

1. Stop the ossec server (ossec-control stop).
2. Stop the ossec agent. Stopped the agent through Windows services.
3. Start the ossec server (ossec-control start).
4. As soon as I see that all the daemon processes are running, I start the ossec-agent again through Windows Service.

However, as soon as I start it, a few seconds after, ossec-dbd would just stop running, but the ossec server was able to send an alert via email (this is how I know that an alert was generated).

I investigated further by running ossec-dbd as a foreground process (ossec-dbd -f) and restarted the ossec agent. As expected, as soon as the agent starts, ossec-dbd stops and outputs a segmentation fault (with no other verbose output but a segmentation fault).

Another observation that I found out is that, for some reason, ossec-dbd doesn't crash if I generate a level 9 alert, in particular Rule: 5302, because when I do a SELECT query on the alert table, I see values being inserted. One thing to note here is that this is the only level 9 alert that I was able to generate at the moment.

If you can suggest or provide a step-by-step procedure on how to generate other types of alerts as a test, it would be appreciated.
