OSSEC 3.2 ossec-dbd keeps stopping

14 views
Skip to first unread message

Nate

unread,
Jun 10, 2019, 3:17:21 PM6/10/19
to ossec-list
Hi,

My ossec-dbd process keeps crashing after a few days and I wanted to know how I can go about getting more information out as to why it's happening because the OSSEC logs are sparse (just info entries of the services starting up each time):

[U@secserv etc]# service ossec status
ossec-monitord is running...
ossec-logcollector is running...
ossec-remoted is running...
ossec-syscheckd is running...
ossec-analysisd is running...
ossec-maild is running...
ossec-execd is running...
ossec-dbd: Process 27555 not used by ossec, removing ..
ossec-dbd not running...
ossec-csyslogd not running...
ossec-agentlessd not running...
[U@secserv etc]# service ossec restart
Stopping OSSEC:                                            [  OK  ]
Starting OSSEC:                                            [  OK  ]
[U@secserv etc]# /var/ossec/bin/ossec-control
ossec-monitord is running...
ossec-logcollector is running...
ossec-remoted is running...
ossec-syscheckd is running...
ossec-analysisd is running...
ossec-maild is running...
ossec-execd is running...
ossec-dbd is running...
ossec-csyslogd not running...
ossec-agentlessd not running...


Currently my setup is Centos 6.9 with mysql 5.1.73. Before I spiral down the rabbit hole of upgrades how can I enable some debugging on the server to hopefully spot the ossec-dbd crashing? Is it just internal_options' logcollector.debug=1

dan (ddp)

unread,
Jun 10, 2019, 6:04:32 PM6/10/19
to ossec...@googlegroups.com
dbd and logcollector are different, so I don't think that will help.
Running dbd with the `-d` flag could be useful.

Running it under gdb and collecting a backtrace might be useful.
Rebuilding OSSEC with `DEBUG=yes` would provide more information.
`gdb /var/ossec/bin/ossec-dbd`
When in gdb:
set follow-fork-mode child
run -d

or just `run -df`


> --
>
> ---
> You received this message because you are subscribed to the Google Groups "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/38df63f8-020d-4470-b7ba-e228fa5b40af%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages