I found an old thread from Dec 2010 about a bug where the keepalive
messages being logged into archive.log had a scrambled string of
characters at the end. Daniel mentioned that it was a bug that had been
fixed in the latest snapshot at the time.
I'm using version 2.6 from the ART repository (build 2.6-16,
specifically) and I'm still seeing messages like the following:
2012 Oct 19 12:05:35 eureka->ossec-keepalive --MARK--:
f.^YU;4v9u0qrtQp1I8PimU8^[AmTwBY7k4vc*/tfYJwAI'Jy2;H%[jX+=sInTPCmnf2/e-Rk$w;ppCO*8+h3MnaDF-/G)ASPFp]=TNQArIQ_!Mo]BvYvIgY$,e2&Eo$r*8XE3hn_Pl98X=3G0v1d^7y@@[dXX&%IT)vq[ITKb!mY1x/vSh#^%TUTNgYS-G]=u4W2UXUVBo1KLhnLo[uKNxLIDd]7=EhZQ3we8yhdN8N;^i(L
Does this mean that the bug has re-surfaced, or that the most recent
(Aug 2012) ART package somehow does not include the bugfix?
- [ossec-list] archive.log keepalive bug Courtney Grimland