[ossec-list] ossec-maild segfault
>From /var/log/messages Jul 30 13:11:12 kernel: ossec-maild[10096]: segfault at rip 2add4f72322c rsp 7fff577262e0 error 4 Jul 30 13:11:32 kernel: ossec-maild[10097]: segfault at rip 2add4f72322c rsp 7fff577262e0 error 4 Jul 30 16:00:04 kernel: ossec-maild[10188]: segfault at rip 2add4f72322c rsp 7fff577262e0 error 4 Jul 30 16:00:04 kernel: ossec-maild[10189]: segfault at rip 2add4f72322c rsp 7fff577262e0 error 4 Jul 30 16:00:04 kernel: ossec-maild[10190]: segfault at rip 2add4f72322c rsp 7fff577262e0 error 4 Jul 30 16:00:04 kernel: ossec-maild[10191]: segfault at rip 2add4f72322c rsp 7fff577262e0 error 4 Jul 30 16:00:04 kernel: ossec-maild[10192]: segfault at rip 2add4f72322c rsp 7fff577262e0 error 4 Jul 30 16:00:04 kernel: ossec-maild[10193]: segfault at rip 2add4f72322c rsp 7fff577262e0 error 4 Running OSSEC HIDS v2.7 on CentOS 6.4 server. No other messages relating to ossec-maild in any other log. The only change I had made was in ossec.conf, I commented out the default email address in yes baz-mailer foo...@baz.com Other than that, I made no other changes. There are alerts that meet the email thresholds at or about the time of segfaults. Any ideas? -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ossec-list] ossec-maild segfault
On Thu, Aug 1, 2013 at 7:52 AM, biciunas wrote: > From /var/log/messages > Jul 30 13:11:12 kernel: ossec-maild[10096]: segfault at > rip 2add4f72322c rsp 7fff577262e0 error 4 > Jul 30 13:11:32 kernel: ossec-maild[10097]: segfault at > rip 2add4f72322c rsp 7fff577262e0 error 4 > Jul 30 16:00:04 kernel: ossec-maild[10188]: segfault at > rip 2add4f72322c rsp 7fff577262e0 error 4 > Jul 30 16:00:04 kernel: ossec-maild[10189]: segfault at > rip 2add4f72322c rsp 7fff577262e0 error 4 > Jul 30 16:00:04 kernel: ossec-maild[10190]: segfault at > rip 2add4f72322c rsp 7fff577262e0 error 4 > Jul 30 16:00:04 kernel: ossec-maild[10191]: segfault at > rip 2add4f72322c rsp 7fff577262e0 error 4 > Jul 30 16:00:04 kernel: ossec-maild[10192]: segfault at > rip 2add4f72322c rsp 7fff577262e0 error 4 > Jul 30 16:00:04 kernel: ossec-maild[10193]: segfault at > rip 2add4f72322c rsp 7fff577262e0 error 4 > > Running OSSEC HIDS v2.7 on CentOS 6.4 server. No other messages relating to > ossec-maild in any other log. The only change I had made was in ossec.conf, > I commented out the default email address in If you correct that mistake does it work? > > yes > > baz-mailer > foo...@baz.com > > > Other than that, I made no other changes. There are alerts that meet the > email thresholds at or about the time of segfaults. > > Any ideas? > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/groups/opt_out. > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ossec-list] ossec-maild segfault
On Thursday, August 1, 2013 9:33:50 AM UTC-4, dan (ddpbsd) wrote: > > On Thu, Aug 1, 2013 at 7:52 AM, biciunas > > wrote: > > From /var/log/messages > > Jul 30 13:11:12 kernel: ossec-maild[10096]: segfault at > > rip 2add4f72322c rsp 7fff577262e0 error 4 > > Jul 30 13:11:32 kernel: ossec-maild[10097]: segfault at > > rip 2add4f72322c rsp 7fff577262e0 error 4 > > Jul 30 16:00:04 kernel: ossec-maild[10188]: segfault at > > rip 2add4f72322c rsp 7fff577262e0 error 4 > > Jul 30 16:00:04 kernel: ossec-maild[10189]: segfault at > > rip 2add4f72322c rsp 7fff577262e0 error 4 > > Jul 30 16:00:04 kernel: ossec-maild[10190]: segfault at > > rip 2add4f72322c rsp 7fff577262e0 error 4 > > Jul 30 16:00:04 kernel: ossec-maild[10191]: segfault at > > rip 2add4f72322c rsp 7fff577262e0 error 4 > > Jul 30 16:00:04 kernel: ossec-maild[10192]: segfault at > > rip 2add4f72322c rsp 7fff577262e0 error 4 > > Jul 30 16:00:04 kernel: ossec-maild[10193]: segfault at > > rip 2add4f72322c rsp 7fff577262e0 error 4 > > > > Running OSSEC HIDS v2.7 on CentOS 6.4 server. No other messages relating > to > > ossec-maild in any other log. The only change I had made was in > ossec.conf, > > I commented out the default email address in > > If you correct that mistake does it work? > > I reverted the file so the email_to element is no longer commented out, and restarted ossec; it's been running for over 3 hours without segfaulting. I guess my question now is, why would commenting out that line cause a segfault (assuming that that's the cause)? > > > > yes > > > > baz-mailer > > foo...@baz.com > > > > > > Other than that, I made no other changes. There are alerts that meet the > > email thresholds at or about the time of segfaults. > > > > Any ideas? > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to ossec-list+...@googlegroups.com . > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [ossec-list] ossec-maild segfault
On Thu, Aug 1, 2013 at 10:15 AM, biciunas wrote: > > > On Thursday, August 1, 2013 9:33:50 AM UTC-4, dan (ddpbsd) wrote: >> >> On Thu, Aug 1, 2013 at 7:52 AM, biciunas wrote: >> > From /var/log/messages >> > Jul 30 13:11:12 kernel: ossec-maild[10096]: segfault at >> > rip 2add4f72322c rsp 7fff577262e0 error 4 >> > Jul 30 13:11:32 kernel: ossec-maild[10097]: segfault at >> > rip 2add4f72322c rsp 7fff577262e0 error 4 >> > Jul 30 16:00:04 kernel: ossec-maild[10188]: segfault at >> > rip 2add4f72322c rsp 7fff577262e0 error 4 >> > Jul 30 16:00:04 kernel: ossec-maild[10189]: segfault at >> > rip 2add4f72322c rsp 7fff577262e0 error 4 >> > Jul 30 16:00:04 kernel: ossec-maild[10190]: segfault at >> > rip 2add4f72322c rsp 7fff577262e0 error 4 >> > Jul 30 16:00:04 kernel: ossec-maild[10191]: segfault at >> > rip 2add4f72322c rsp 7fff577262e0 error 4 >> > Jul 30 16:00:04 kernel: ossec-maild[10192]: segfault at >> > rip 2add4f72322c rsp 7fff577262e0 error 4 >> > Jul 30 16:00:04 kernel: ossec-maild[10193]: segfault at >> > rip 2add4f72322c rsp 7fff577262e0 error 4 >> > >> > Running OSSEC HIDS v2.7 on CentOS 6.4 server. No other messages relating >> > to >> > ossec-maild in any other log. The only change I had made was in >> > ossec.conf, >> > I commented out the default email address in >> >> If you correct that mistake does it work? >> > > I reverted the file so the email_to element is no longer commented out, and > restarted ossec; it's been running for over 3 hours without segfaulting. > I guess my question now is, why would commenting out that line cause a > segfault (assuming that that's the cause)? > Not sure, but maild doesn't make any sense if you're not sending mail. >> >> > >> > yes >> > >> > baz-mailer >> > foo...@baz.com >> > >> > >> > Other than that, I made no other changes. There are alerts that meet the >> > email thresholds at or about the time of segfaults. >> > >> > Any ideas? >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> > Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an >> > email to ossec-list+...@googlegroups.com. >> > For more options, visit https://groups.google.com/groups/opt_out. >> > >> > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/groups/opt_out. > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.