Atomicorp

Hi there, just got this error after upgrading rsync from rpmforge to: rsync-3.0.4-1.el5.rf. [edit] the error occurred when I ran asl -s -f after the upgrade[/edit]

kernel: ossec-remoted[31318]: segfault at 0 ip 4028cb sp 781c6e76e2a0 error 4 in ossec-remoted[400000+40000]

I don't think it matters much to normal operation since I'm not trying to listen to other ossec servers; is that accurate?

Seems reproducible with: service ossec-hids restart.

2.6.25.4-4.art.x86_64 #1 SMP Wed Jun 4 15:07:26 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux

Anyway to prevent this for now? stop ossec-remoted?

Thanks!
Jeremiah

I cant see that an rsync update would effect that. What distro are you on, and what version of ossec are you using?

I've got these two for ossec:
ossec-hids-server-1.5-3.el5.art
ossec-hids-1.5-3.el5.art

on CentOS 5.2

Could be config related, or maybe something else going on. The process segfaults which isn't a good thing, but does it actually stop running? Or does the process respawn?

Didn't change anything config-wise before this happened... and 2 or 3 days before upgrading rsync I updated mod_security and osssec-remoted didn't segfault when restarting ossec... fwiw

Yep, ossec-remoted stops but does not respawn.

Well I'd send something to support then, just so we can track it.

ok will do. The automated emails I got from the support portal the last time I tried it were confusing and hard to read so was hoping to avoid dealing with that again. Also thought a note here would help anyone else who gets the same error. I understand the need to track issues somewhere other than a forum though, so will give it another go... maybe emailing support directly will bypass those automated emails...?
Thanks again!

yeah thats fine. We'll just maintain them on the internal system.