[ossec-list] Solaris ossec-dbd crashes

2012-03-23 Thread Nico Bugash
I have successfully installed the ossec server on Solaris 10 with one
minor problem: as soon as the ossec server begins to write to the
database, ossec-dbd crashes.

When I restart the ossec server, all of the daemon processes run
fine:
===
ossec-monitord is running...
ossec-logcollector is running...
ossec-remoted is running...
ossec-syscheckd is running...
ossec-analysisd is running...
ossec-maild is running...
ossec-execd is running...
ossec-dbd is running...
===
However, as a test, I try to generate an alert and see if it gets
logged into the database. But as soon as it tries to write into the
database, ossec-dbd stops. Here are the steps that I took to generate
the alert:
1. stop ossec server (ossec-control stop)
2. stop the ossec agent. Stopped the agent through Windows services
3. start the ossec server (ossec-control start)
4. as soon as I see that all the daemon processes are running, I start
the ossec-agent again through Windows Service. However, as soon as I
start it, a few seconds after, ossec-dbd would just stop running, but
the ossec server was able to send an alert via email (this is how I
know that an alert was generated)

I investigated further by running ossec-dbd as a foreground process
(ossec-dbd -f) and restarted the ossec agent. As expected, as soon as
the agent starts, ossec-dbd stops and outputs a segmentation fault
(with no other verbose output but a segmentation fault).

Another observation that I found is that, for some reason, ossec-dbd
doesn't crash if I generate a level 9 alert, in particular Rule:
5302, because when I do a SELECT query on the alert table, I see
values being inserted. One thing to note here is that this is the
only level 9 alert that I was able to generate at the moment. If you
can suggest or provide a step-by-step procedure on how to generate other
types of alerts as a test, it would be appreciated.


Re: [ossec-list] Memory Leak in ossec-csyslogd and ossec-dbd

2012-03-23 Thread Andreas Piesk
On 20.03.2012 20:52, Steve Lodin wrote:
> I've had this patch running for the past two days and all indications are
> this eliminated the memory leak in read-alert.c that affects ossec-csyslogd.

good to hear.

committed the patch in my fork https://bitbucket.org/pieska/ossec-hids along
with another memleak fix. you're welcome to try my fork (it contains only
bugfixes).

regards,
-ap