Closed bchris21 closed 9 months ago
MarioHewardt
commented
10 months ago Hi - Can you provide some more details around "Sysmon service fails"? Does it error out, stop logging? Also, can you link the logs. I can't seem to find the attachment.
bchris21
commented
10 months ago Hi - Can you provide some more details around "Sysmon service fails"? Does it error out, stop logging? Also, can you link the logs. I can't seem to find the attachment.
Sorry @MarioHewardt, I forgot to attach the log files. Hope it now helps.
MarioHewardt
commented
9 months ago Thanks for the logs. Cursory glance (I can't repro and do not have the core dump) it seems its a seg fault in libcrypto.so.1.1.1. Due to another issue, I've bumped up the version of OpenSSL we use to 3.x. Can you try the latest Sysmon package 1.3.1 and let me know if that works?
bchris21
commented
9 months ago Works ok now. Thank you very much for your support!
Sysmon service fails after ~5 seconds.
Sysmon version
Distro/kernel version Operating System: Red Hat Enterprise Linux 8.8 (Ootpa)
CPE OS Name: cpe:/o:redhat:enterprise_linux:8::baseos
Kernel: Linux 4.18.0-477.21.1.el8_8.x86_64
Architecture: x86-64
Sysmon configuration https://github.com/microsoft/MSTIC-Sysmon/blob/main/linux/configs/main.xml
Logs See attached journalctl.txt status.txt kernel.txt