Dominique,

Could you try the 2.7.1 Alpha build from http://www.ossec.net/?page_id=19 and see if the issue is still there?

On Tuesday, April 9, 2013 12:00:23 PM UTC-7, Dominique Derrier wrote:
>
> Hi all,
> On a fresh install I've got:
>
> ./ossec-csyslogd -D /var/ossec -f
> 2013/04/09 14:57:07 ossec-csyslogd: INFO: Started (pid: 17899).
> *** glibc detected *** ./ossec-csyslogd: malloc(): memory corruption: 0x08798990 ***
> Aborted
>
> But no trouble with the -d flag:
> ./ossec-csyslogd -D /var/ossec -f -d
>
> Regards,
> Dominique
>
> On Monday, February 18, 2013 08:07:45 UTC-5, Uldis Biks wrote:
>>
>> Hi everyone,
>>
>> I'm trying to enable log forwarding from ossec server to syslog by
>> enabling the client-syslog option from the ossec-control script. Running
>> ossec-control start shows that ossec-csyslogd is started, but after that,
>> on running ossec-control status, ossec-csyslogd dies. When debug is enabled
>> everything is working as it should and syslog receives messages.
>> Ossec server 2.7, OS RHEL5.9 i386, selinux disabled.
>> Does anyone have any idea where the problem could be?
>>
>> [root@~ bin]# ./ossec-control enable client-syslog
>> [root@~ bin]# ./ossec-control restart
>> Killing ossec-monitord ..
>> Killing ossec-logcollector ..
>> Killing ossec-remoted ..
>> Killing ossec-syscheckd ..
>> Killing ossec-analysisd ..
>> ossec-maild not running ..
>> ossec-execd not running ..
>> ossec-csyslogd not running ..
>> OSSEC HIDS v2.7 Stopped
>> Starting OSSEC HIDS v2.7 (by Trend Micro Inc.)...
>> Started ossec-csyslogd...
>> 2013/02/18 14:14:25 ossec-maild: INFO: E-Mail notification disabled. Clean Exit.
>> Started ossec-maild...
>> Started ossec-execd...
>> Started ossec-analysisd...
>> Started ossec-logcollector...
>> Started ossec-remoted...
>> Started ossec-syscheckd...
>> Started ossec-monitord...
>> Completed.
>> [root@~ bin]# ./ossec-control status
>> ossec-monitord is running...
>> ossec-logcollector is running...
>> ossec-remoted is running...
>> ossec-syscheckd is running...
>> ossec-analysisd is running...
>> ossec-maild not running...
>> ossec-execd not running...
>> ossec-csyslogd: Process 6678 not used by ossec, removing ..
>> ossec-csyslogd not running...
>>
>> ossec.log contains only one record about ossec-csyslogd, otherwise it's clean.
>> 2013/02/18 14:14:25 ossec-csyslogd: INFO: Started (pid: 6678).
>>
>> [root@~ bin]# ./ossec-control enable debug
>> [root@~ bin]# ./ossec-control restart
>> Killing ossec-monitord ..
>> Killing ossec-logcollector ..
>> Killing ossec-remoted ..
>> Killing ossec-syscheckd ..
>> Killing ossec-analysisd ..
>> ossec-maild not running ..
>> ossec-execd not running ..
>> ossec-csyslogd not running ..
>> OSSEC HIDS v2.7 Stopped
>> Starting OSSEC HIDS v2.7 (by Trend Micro Inc.)...
>> 2013/02/18 14:15:41 ossec-csyslogd: DEBUG: Starting ...
>> Started ossec-csyslogd...
>> 2013/02/18 14:15:41 ossec-maild: DEBUG: Starting ...
>> 2013/02/18 14:15:41 ossec-maild: INFO: E-Mail notification disabled. Clean Exit.
>> Started ossec-maild...
>> Started ossec-execd...
>> 2013/02/18 14:15:41 ossec-analysisd: DEBUG: Starting ...
>> 2013/02/18 14:15:41 ossec-analysisd: DEBUG: Found user/group ...
>> 2013/02/18 14:15:41 ossec-analysisd: DEBUG: Active response initialized ...
>> 2013/02/18 14:15:41 adding rule: ...... [adding all rules]
>> 2013/02/18 14:15:41 ossec-analysisd: DEBUG: Read configuration ...
>> Started ossec-analysisd...
>> 2013/02/18 14:15:41 ossec-logcollector: DEBUG: Starting ...
>> Started ossec-logcollector...
>> 2013/02/18 14:15:41 ossec-remoted: DEBUG: Starting ...
>> Started ossec-remoted...
>> 2013/02/18 14:15:41 ossec-rootcheck: DEBUG: Starting ...
>> 2013/02/18 14:15:41 ossec-rootcheck: Starting queue ...
>> 2013/02/18 14:15:42 ossec-syscheckd: INFO: (unix_domain) Maximum send buffer set to: '110592'.
>> Started ossec-syscheckd...
>> 2013/02/18 14:15:42 ossec-monitord: DEBUG: Starting ...
>> Started ossec-monitord...
>> Completed.
>> [root@~ bin]# ./ossec-control status
>> ossec-monitord is running...
>> ossec-logcollector is running...
>> ossec-remoted is running...
>> ossec-syscheckd is running...
>> ossec-analysisd is running...
>> ossec-maild not running...
>> ossec-execd not running...
>> ossec-csyslogd is running...
>>
>> ossec.log shows a bit more info now:
>> 2013/02/18 14:15:41 ossec-csyslogd: DEBUG: Starting ...
>> 2013/02/18 14:15:41 ossec-csyslogd: INFO: Chrooted to directory: /usr2/ossec, using user: ossecm
>> 2013/02/18 14:15:41 ossec-csyslogd: INFO: Started (pid: 6883).
>> 2013/02/18 14:15:41 ossec-csyslogd: INFO: File queue connected.
>> 2013/02/18 14:15:41 ossec-csyslogd: INFO: Forwarding alerts via syslog to: '[syslog servr ip]:514'.
>>
>> After disabling debug, on status query the process dies again.
>>
>