[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] Re: ossec 1.2 Problems on OpenBSD 4.1-stable

To: ossec-list@xxxxxxxxxxxxxxxx
Subject: [ossec-list] Re: ossec 1.2 Problems on OpenBSD 4.1-stable
From: "Daniel Cid" <daniel.cid@xxxxxxxxx>
Date: Tue, 24 Jul 2007 23:01:48 -0300
Cc: "Chris Tankersley" <chris.tankersley@xxxxxxxxxxxxxxxxx>
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=COv9TJlXRgJykoPnGG6d7XHmBD0u7cr5h78iefWQqhy4KnDOyCNsIJa3shj8otVUIHuDmiCkrtX4ZDafLOPdyQQOiQxhr437UjxNB5SUXgRjPHdnjlUo+2i+cIWi/1Ywmr3ah44KESEppGtf+pDtRgRb8biGiUFKe7sunLiPa5E=

Hi Chris,

Can you try our latest snapshot (in fact, v1.3 beta1)? I don't have OpenBSD 4.1
installed, but it seems to be a memory problem, since the error messages are
receiving "garbage" from memory.

Try the following:

http://www.ossec.net/files/snapshots/ossec-hids-070722.tar.gz

And let us know if the problem persists (we fixed a lot of issues on
this version).

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net

On 7/23/07, Chris Tankersley <chris.tankersley@xxxxxxxxxxxxxxxxx> wrote:
>
> We were having problems with ossec just stopping on OpenBSD 4.1-stable,
> so we set up a cron to stop, then start the ossec server every 12 hours.
> Starting on Friday, we started getting e-mails from the cron service
> about ossec not starting correctly, or not running when it goes to shut
> off. I've put the cron alerts below.
>
> Has anyone else had issues running Ossec on OpenBSD 4.1-stable? Our
> Linux boxes running it never have an issue and have been solid.
>
> Chris
>
> CRON TO RESTART OSSEC @ 07/22/07 00:00
> =============================
>
> Killing ossec-monitord ..
> Killing ossec-logcollector ..
> Killing ossec-syscheckd ..
> Killing ossec-analysisd ..
> Killing ossec-maild ..
> Killing ossec-execd ..
> OSSEC HIDS v1.2 Stopped
> Starting OSSEC HIDS v1.2 (by Daniel B. Cid)...
> Started ossec-maild...
> Started ossec-execd...
> Started ossec-analysisd...
> Started ossec-logcollector...
> Started ossec-syscheckd...
> Started ossec-monitord...
> Completed.
>
>
> CRON TO RESTART OSSEC @ 07/22/07 12:00
> =============================
>
> Killing ossec-monitord ..
> Killing ossec-logcollector ..
> Killing ossec-syscheckd ..
> Killing ossec-analysisd ..
> Killing ossec-maild ..
> Killing ossec-execd ..
> OSSEC HIDS v1.2 Stopped
> Starting OSSEC HIDS v1.2 (by Daniel B. Cid)...
> 2007/07/22 12:00:02 ossec-analysisd(1227): Error applying XML variables: 'Grouping of the postfix rules.'.
> 2007/07/22 12:00:02 ossec-analysisd(1220): Error loading the rules: 'postfix_rules.xml'.
> ossec-analysisd: Configuration error. Exiting
>
>
> CRON TO RESTART OSSEC @ 07/23/07 00:00
> =============================
>
> ossec-monitord not running ..
> ossec-logcollector not running ..
> ossec-syscheckd not running ..
> ossec-analysisd not running ..
> ossec-maild not running ..
> ossec-execd not running ..
> OSSEC HIDS v1.2 Stopped
> Starting OSSEC HIDS v1.2 (by Daniel B. Cid)...
> 2007/07/23 00:00:01 ossec-analysisd(1227): Error applying XML variables: '(bad sequence of commands).'.
> 2007/07/23 00:00:01 ossec-analysisd(1220): Error loading the rules: 'postfix_rules.xml'.
> ossec-analysisd: Configuration error. Exiting
>
>
> CRON TO RESTART OSSEC @ 07/23/07 12:00
> =============================
>
> ossec-monitord not running ..
> ossec-logcollector not running ..
> ossec-syscheckd not running ..
> ossec-analysisd not running ..
> ossec-maild not running ..
> ossec-execd not running ..
> OSSEC HIDS v1.2 Stopped
> Starting OSSEC HIDS v1.2 (by Daniel B. Cid)...
> Started ossec-maild...
> Started ossec-execd...
> Started ossec-analysisd...
> Started ossec-logcollector...
> 2007/07/23 12:00:04 ossec-syscheckd(1210): Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> 2007/07/23 12:00:04 ossec-rootcheck(1210): Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> 2007/07/23 12:00:12 ossec-syscheckd(1210): Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> 2007/07/23 12:00:12 ossec-rootcheck(1210): Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> 2007/07/23 12:00:25 ossec-syscheckd(1210): Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> 2007/07/23 12:00:25 ossec-rootcheck(1211): Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
>
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>

References:
- [ossec-list] Re: ossec removal question
  - From: Thanh Han The
- [ossec-list] ossec 1.2 Problems on OpenBSD 4.1-stable
  - From: Chris Tankersley

Prev by Date: [ossec-list] Re: Ossec Problem: email_alert_level not being honored. Alert level 3 received in mail.
Next by Date: [ossec-list] Re: Server - Agent Rule Relationship
Previous by thread: [ossec-list] ossec 1.2 Problems on OpenBSD 4.1-stable
Next by thread: [ossec-list] Re: ossec 1.2 Problems on OpenBSD 4.1-stable
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.