Hi,
On the ossec instance I have installed the remoted process runs for a short
period of time, in most cases less than an hour or so, then crashes.
Listed below is the debug output. Does anyone have an idea of what is
going on here? Please let me know if you need any more info.
ossec versio
0
lseek(11, 23386263, SEEK_SET) = 23386263
write(11, "2012/08/21 10:10:54 ossec-logcol"..., 128) = 128
close(11) = 0
munmap(0x7fb962828000, 4096)= 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
open(&qu
Not sure what you mean, I have run all the debug commands you requested.
On Wed, Aug 22, 2012 at 10:33 AM, dan (ddp) wrote:
> Since you don't seem too interested in fixing this, good luck.
>
> On Wed, Aug 22, 2012 at 10:19 AM, Shaka Lewis wrote:
>> here is all I have f
e/ossec/queue'. Giving up..
2012/08/21 19:31:30 ossec-monitord: socketerr (not available).
On Wed, Aug 22, 2012 at 7:45 AM, dan (ddp) wrote:
> On Tue, Aug 21, 2012 at 2:13 PM, Shaka Lewis wrote:
>> The ossec processes running at this point are execd, logcollector, and
>> monitor
-1.47.el6_2.12.x86_64
(This version of glibc is already installed on the system)
This is a server install and stopped working after migrating to new hardware.
On Tue, Aug 21, 2012 at 12:19 PM, dan (ddp) wrote:
> On Tue, Aug 21, 2012 at 11:19 AM, Shaka Lewis wrote:
>> I ran the debug an
ossec-monitord(1224): ERROR: Error sending message to queue.
2012/08/20 19:19:19 ossec-monitord: socketerr (not available).
On Mon, Aug 20, 2012 at 9:40 AM, dan (ddp) wrote:
> On Mon, Aug 20, 2012 at 9:38 AM, Shaka Lewis wrote:
>> This is the error log in the ossec.log file when i restart
r/log/messages
kernel: ossec-analysisd[10974]: segfault at 0 ip (null) sp
7fffe5ada2b8 error 14 in ossec-analysisd[40+62000]
On Mon, Aug 20, 2012 at 7:54 AM, dan (ddp) wrote:
> On Fri, Aug 17, 2012 at 5:29 PM, Shaka Lewis wrote:
>> I get the below errors after restarting osse
re you restarted it?
>
> Were you running as 'root'?
> Do 'ls -l /var/ossec/queue/ossec/queue' to see if the file exist.
>
>
> On Friday, August 17, 2012 2:29:19 PM UTC-7, Shaka Lewis wrote:
>>
>> I get the below errors after restarting ossec. This is ve
I get the below errors after restarting ossec. This is version 2.6
running on a Linux machine
2012/08/17 16:55:21 ossec-logcollector: socketerr (not available).
2012/08/17 16:55:21 ossec-logcollector(1224): ERROR: Error sending
message to queue.
2012/08/17 16:55:24 ossec-logcollector(1210): ERROR
