I’m getting segmentation faults across all of my agents when restarting. 
Nothing is showing connected anymore.

 /var/ossec/bin/ossec-control: line 138: 24910 Segmentation fault      ${DIR}/bin/${i}

 

Line 138 in ossec.conf is the active response, which is disabled:

        <!-- Active Response Config -->
        <active-response>
                <disabled>yes</disabled>
                <!-- This response is going to execute the host-deny
                 - command for every event that fires a rule with
                 - level (severity) >= 6.
                 - The IP is going to be blocked for  600 seconds.
                 -->
                <command>host-deny</command>
                <location>local</location>
                <level>6</level>
                <timeout>600</timeout>
        </active-response>

        <active-response>
                <disabled>yes</disabled>
                <!-- Firewall Drop response. Block the IP for
                 - 600 seconds on the firewall (iptables,
                 - ipfilter, etc).
                 -->
                <command>firewall-drop</command>
                <location>local</location>
                <level>6</level>
                <timeout>600</timeout>
        </active-response>

 I have checked the ossec.conf and agent.conf for any mistakes and haven’t 
found any, and since this was working properly for a while, I'm pretty 
positive that's not the issue. This was an issue on only a few agents last 
week, and now it is happening across all agents after the 2.6 upgrade. All 
agents are showing not connected. None of the configuration files have 
changed.

 

Any help would be appreciated!

 

OSSEC v2.6, RedHat Linux (server and agents, with 5 Windows agents)
