Thanks! That did the trick to fix the core dump problem.
--JIM
On Thursday, August 23, 2012 10:17:29 AM UTC-4, dan (ddpbsd) wrote:
Looks like Daniel Cid might have fixed this:
https://bitbucket.org/dcid/ossec-hids/changeset/8cc93c407d69
On Wed, Aug 22, 2012 at 7:54 AM, dan (ddp)
Yup, that seems to have fixed it! Thanks!
--JIM
On Thursday, August 23, 2012 10:17:29 AM UTC-4, dan (ddpbsd) wrote:
Looks like Daniel Cid might have fixed this:
https://bitbucket.org/dcid/ossec-hids/changeset/8cc93c407d69
On Wed, Aug 22, 2012 at 7:54 AM, dan (ddp) ddp...@gmail.com
Looks like Daniel Cid might have fixed this:
https://bitbucket.org/dcid/ossec-hids/changeset/8cc93c407d69
On Wed, Aug 22, 2012 at 7:54 AM, dan (ddp) ddp...@gmail.com wrote:
On Fri, Aug 17, 2012 at 7:56 PM, Jim jim.w.matth...@gmail.com wrote:
Dan,
Here is the backtrace from GDB, but I am not
On Fri, Aug 17, 2012 at 7:56 PM, Jim jim.w.matth...@gmail.com wrote:
Dan,
Here is the backtrace from GDB, but I am not sure that tells much more than
mdb had?
It's a tool I'm more familiar with. I don't get much of an opportunity
to use niche systems these days.
I'd consider tossing the
Any hope of getting to the bottom of this? Let me know if more info would
help.
--JIM
On Friday, August 17, 2012 7:56:44 PM UTC-4, Jim wrote:
Dan,
Here is the backtrace from GDB, but I am not sure that tells much more
than mdb had?
Program terminated with signal 11, Segmentation
Hello,
Any further thoughts on fixing this core dump problem?
Thanks,
--JIM
On Monday, August 13, 2012 7:41:39 PM UTC-4, Jim wrote:
Here are the logs from the ossec.log, which was running in debug. Which
reports until you can see analysisd core dumps. IPs and hostnames have
been
On Thu, Aug 16, 2012 at 1:12 AM, Jim jim.w.matth...@gmail.com wrote:
Hello,
Any further thoughts on fixing this core dump problem?
Thanks,
--JIM
Is there any chance you can run it in gdb?
gdb /var/ossec/bin/ossec-analysisd
set follow-fork-mode child
run
*CRASH*
bt
There are probably
Seg fault occurred at ./analysisd/alerts/log.c around line 261:
fprintf(_fflog,
"%d %s %02d %s %s%s%s %s %s %s:%s->%s:%s\n",
lf->year,
lf->mon,
lf->day,
lf->hour,
lf->hostname != lf->location?lf->hostname:"",
lf->hostname
Here are the logs from the ossec.log, which was running in debug. Which
reports until you can see analysisd core dumps. IPs and hostnames have
been changed from the original...
2012/08/12 15:07:09 ossec-logcollector: DEBUG: Reading syslog message: 'Aug
12 15:07:08 casrv9-hidn.local1