1 Reply Latest reply on Aug 26, 2010 11:03 AM by djbrightman

    LinuxShield 1.6 - logepo segfault

      Running LinuxShield 1.6.0 on a dozen SLES10 SP3 servers - deployed and managed by ePO 4.5 server

       

      Two of the servers have shown several segfault errors against the 'logepo' process (/opt/NAI/LinuxShield/libexec/logepo), though this process appears to stay running..!

       

      e.g.

      >>

      wmlx-1:~ # grep segfault  /var/log/messages
      Aug 19 09:07:04 wmlx-1 kernel: logepo[32656]: segfault at 00000000f4600000 rip 00000000f67a2fc6 rsp 00000000ffc74288 error 4
      Aug 19 09:49:21 wmlx-1 kernel: logepo[29706]: segfault at 00000000f5500000 rip 00000000f6771fc6 rsp 00000000ffb559f8 error 4
      Aug 21 13:57:26 wmlx-1 kernel: logepo[11341]: segfault at 00000000f41f6000 rip 00000000f563082e rsp 00000000ffd04600 error 4
      Aug 22 00:53:01 wmlx-1 kernel: logepo[18548]: segfault at 00000000f5500000 rip 00000000f671ffc6 rsp 00000000ffd900f8 error 4
      Aug 23 08:33:01 wmlx-1 kernel: logepo[11332]: segfault at 00000000f4100000 rip 00000000f66effc6 rsp 00000000ffaf3988 error 4
      Aug 23 14:37:11 wmlx-1 kernel: logepo[3160]: segfault at 00000000f4300000 rip 00000000f66f2fc6 rsp 00000000ffd41368 error 4
      Aug 24 02:32:58 wmlx-1 kernel: logepo[12924]: segfault at 00000000f5500000 rip 00000000f66c5fc6 rsp 00000000ff9677f8 error 4
      Aug 24 08:37:05 wmlx-1 kernel: logepo[26903]: segfault at 00000000f5500000 rip 00000000f672cfc6 rsp 00000000ffa85a98 error 4
      Aug 24 09:03:29 wmlx-1 kernel: logepo[2632]: segfault at 00000000f5400000 rip 00000000f6776fc6 rsp 00000000ffe09a38 error 4
      Aug 24 14:37:49 wmlx-1 kernel: logepo[31012]: segfault at 00000000f4500000 rip 00000000f66c5fc6 rsp 00000000ff97e838 error 4
      Aug 24 16:54:31 wmlx-1 kernel: logepo[12369]: segfault at 00000000f5600000 rip 00000000f67b5fc6 rsp 00000000ffb05918 error 4
      Aug 24 22:28:48 wmlx-1 kernel: logepo[2056]: segfault at 00000000f5500000 rip 00000000f6722fc6 rsp 00000000ff9ad418 error 4
      Aug 25 08:28:24 wmlx-1 kernel: logepo[9575]: segfault at 00000000f5600000 rip 00000000f677ffc6 rsp 00000000ffc1a6a8 error 4
      Aug 25 13:00:54 wmlx-1 kernel: logepo[8636]: segfault at 00000000f5500000 rip 00000000f674efc6 rsp 00000000fffd77c8 error 4

      <<

       

      Any thoughts or suggestions?!?

       

      Thanks

       

      David

        • 1. Re: LinuxShield 1.6 - logepo segfault

          Looks like this could have been to do with missing rights.... It appears  the 'nails' lum user had lost its file system rights to the root of one  of the cluster volumes, so we were getting thousands of scan errors  (5102) - this was probably overloading the 'logepo' process, which I am  guessing is responsible for reporting scan details to epo.
          Anyhow re-added rights and seems OK...
          Not sure how rights were lost, but that's another problem....!
          HTH
          David