On Thursday, August 1, 2013 9:33:50 AM UTC-4, dan (ddpbsd) wrote:
>
> On Thu, Aug 1, 2013 at 7:52 AM, biciunas <pa...@biciunas.com> wrote:
> > From /var/log/messages
> > Jul 30 13:11:12 <server name> kernel: ossec-maild[10096]: segfault at 0000000000000000 rip 00002add4f72322c rsp 00007fff577262e0 error 4
> > Jul 30 13:11:32 <server name> kernel: ossec-maild[10097]: segfault at 0000000000000000 rip 00002add4f72322c rsp 00007fff577262e0 error 4
> > Jul 30 16:00:04 <server name> kernel: ossec-maild[10188]: segfault at 0000000000000000 rip 00002add4f72322c rsp 00007fff577262e0 error 4
> > Jul 30 16:00:04 <server name> kernel: ossec-maild[10189]: segfault at 0000000000000000 rip 00002add4f72322c rsp 00007fff577262e0 error 4
> > Jul 30 16:00:04 <server name> kernel: ossec-maild[10190]: segfault at 0000000000000000 rip 00002add4f72322c rsp 00007fff577262e0 error 4
> > Jul 30 16:00:04 <server name> kernel: ossec-maild[10191]: segfault at 0000000000000000 rip 00002add4f72322c rsp 00007fff577262e0 error 4
> > Jul 30 16:00:04 <server name> kernel: ossec-maild[10192]: segfault at 0000000000000000 rip 00002add4f72322c rsp 00007fff577262e0 error 4
> > Jul 30 16:00:04 <server name> kernel: ossec-maild[10193]: segfault at 0000000000000000 rip 00002add4f72322c rsp 00007fff577262e0 error 4
> >
> > Running OSSEC HIDS v2.7 on CentOS 6.4 server. No other messages relating to
> > ossec-maild in any other log. The only change I had made was in ossec.conf,
> > I commented out the default email address in <global
> >
> If you correct that mistake does it work?
>

I reverted the file so the email_to element is no longer commented out, and restarted ossec; it's been running for over 3 hours without segfaulting. I guess my question now is, why would commenting out that line cause a segfault (assuming that that's the cause)?

> > <global>
> >   <email_notification>yes</email_notification>
> >   <!--
> >   <email_to>f...@bar.com</email_to>
> >   -->
> >   <smtp_server>baz-mailer</smtp_server>
> >   <email_from>foo...@baz.com</email_from>
> > </global>
> >
> > Other than that, I made no other changes. There are alerts that meet the
> > email thresholds at or about the time of segfaults.
> >
> > Any ideas?
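
A pre-flight check for the configuration state described in this thread (email_notification set to yes while email_to is commented out), added here as an example; it is not part of the original messages or of OSSEC's own code. The function name, the sample addresses and the choice to treat email_to, smtp_server and email_from as required are assumptions based on the elements in the quoted <global> block, and the file is assumed to parse as XML.

```python
import xml.etree.ElementTree as ET

# Assumption: the mail path needs these three elements, taken from the
# <global> block quoted in the thread.
REQUIRED_WHEN_MAIL_ON = ("email_to", "smtp_server", "email_from")


def missing_mail_settings(conf_text):
    """Return the required <global> mail elements that are absent or empty
    while email_notification is 'yes'. Commented-out elements count as absent."""
    # ossec.conf may hold several <ossec_config> blocks, so wrap them in a
    # synthetic root. ElementTree discards XML comments by default.
    root = ET.fromstring("<wrapper>" + conf_text + "</wrapper>")
    values = {}
    for glob in root.iter("global"):
        for child in glob:
            values.setdefault(child.tag, []).append((child.text or "").strip())
    enabled = any(v.lower() == "yes" for v in values.get("email_notification", []))
    if not enabled:
        return []
    # A tag is missing when it never appears with a non-empty value.
    return [tag for tag in REQUIRED_WHEN_MAIL_ON if not any(values.get(tag, []))]


# Constructed sample input mirroring the poster's edit (addresses are made up).
BROKEN = """<ossec_config>
  <global>
    <email_notification>yes</email_notification>
    <!--
    <email_to>admin@example.com</email_to>
    -->
    <smtp_server>baz-mailer</smtp_server>
    <email_from>ossec@example.com</email_from>
  </global>
</ossec_config>"""

# The reverted file: same block with the comment markers removed.
FIXED = BROKEN.replace("<!--", "").replace("-->", "")

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, missing_mail_settings(conf) or "ok")
```

Running a check like this before restarting OSSEC flags the commented-out recipient without relying on ossec-maild to fail at alert time.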