[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Ossec-list] OSSEC seems to die occasionally

Subject: [Ossec-list] OSSEC seems to die occasionally
From: kayvan at sylvan.com (Kayvan A. Sylvan)
Date: Wed, 19 Apr 2006 14:42:53 -0700

On Tue, Apr 18, 2006 at 09:41:54PM -0300, Daniel Cid wrote:
> Oops. The "analysisd" process dying without a trace is not good. It just
> needs to be able to read from the queue, so permissions on this
> case shouldn't be a problem (it wouldn't even start properly).
> Can you enable system call tracing on the analysisd process? If running
> BSD systems you will probably need to use ktrace -p <analysisd pid>
> or if linux use systrace (systrace -p <analysisd pid>. With that we will
> be able to see what kind of signal (or whatever) is happening.

I am running strace against the OSS analysisd process now. Of course,
this sort of thing is intermittent, so there's no telling when the
problem will manifest again, but I have seen it on two different
machines.

			---Kayvan
-- 
Kayvan A. Sylvan          | Proud husband of       | Father to my kids:
Sylvan Associates, Inc.   | Laura Isabella Sylvan, | Katherine Yelena (8/8/89)
http://sylvan.com/~kayvan | my beautiful Queen.    | Robin Gregory (2/28/92)

References:
- [Ossec-list] Projects news
  - From: Daniel Cid
- [Ossec-list] OSSEC seems to die occasionally
  - From: Kayvan A. Sylvan
- [Ossec-list] OSSEC seems to die occasionally
  - From: Thomas M. Jett
- [Ossec-list] OSSEC seems to die occasionally
  - From: Kayvan A. Sylvan
- [Ossec-list] OSSEC seems to die occasionally
  - From: Daniel Cid

Prev by Date: [Ossec-list] OSSEC seems to die occasionally
Next by Date: [Ossec-list] Logs for the Windows version of the OSSEC HIDS agent
Previous by thread: [Ossec-list] OSSEC seems to die occasionally
Next by thread: [Ossec-list] Local logs on agents ?
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.