We often receive questions about «Process segfaulted» in the incidents tab.
- The OSSEC rule 1010 is intended for monitoring messages about segfaults:
<rule id="1010" level="5">
<match>segfault at </match>
We'd recommend investigating the issue with segfaults and fixing it.
- The rule can also be disabled as per Troubleshooting of false-positive WAF hits on legitimate actions but that's not recommended.
Problems with third-party software.