Re: [ossec-list] syscheck error

2018-04-23 Thread dan (ddp)
On Mon, Apr 23, 2018 at 6:34 PM, Cooper Graf wrote:
> Haha hmm. So any idea why it's throwing an error for me? Is a new release
> slated to come out soon?
>

It's supposed to be soon, I'll have to prod the release manager. It happens in glob() somewhere, but I haven't

Re: [ossec-list] syscheck error

2018-04-23 Thread Cooper Graf
Haha hmm. So any idea why it's throwing an error for me? Is a new release slated to come out soon?

On Mon, Apr 23, 2018 at 4:29 PM dan (ddp) wrote:
> On Mon, Apr 23, 2018 at 6:26 PM, dan (ddp) wrote:
> > On Mon, Apr 23, 2018 at 6:05 PM, Cooper Graf

Re: [ossec-list] syscheck error

2018-04-23 Thread dan (ddp)
On Mon, Apr 23, 2018 at 6:26 PM, dan (ddp) wrote:
> On Mon, Apr 23, 2018 at 6:05 PM, Cooper Graf wrote:
>> Is there documentation that explains what a glob is? This worked fine with
>> 2.7.
>>
>
> I don't think so. I just tried it on a 3.x system and

Re: [ossec-list] syscheck error

2018-04-23 Thread dan (ddp)
On Mon, Apr 23, 2018 at 6:05 PM, Cooper Graf wrote:
> Is there documentation that explains what a glob is? This worked fine with
> 2.7.
>

I don't think so. I just tried it on a 3.x system and didn't get the error. Still waiting on results to see if it checks properly.

Re: [ossec-list] syscheck error

2018-04-23 Thread Cooper Graf
Is there documentation that explains what a glob is? This worked fine with 2.7.

On Mon, Apr 23, 2018 at 12:53 PM dan (ddp) wrote:
>
>
> On Mon, Apr 16, 2018 at 2:08 PM, Cooper wrote:
>
>> I am getting the following error from syscheckd when starting up

Re: [ossec-list] syscheck error

2018-04-23 Thread dan (ddp)
On Mon, Apr 16, 2018 at 2:08 PM, Cooper wrote:
> I am getting the following error from syscheckd when starting up OSSEC
> 2.9.3:
>
> 2018/04/16 13:01:14 ossec-analysisd: INFO: Reading rules file:
> 'sshd_rules.xml'
> 2018/04/16 13:01:14 ossec-syscheckd(1121): ERROR: Glob

Re: [ossec-list] syscheck error with large files

2012-04-12 Thread Christopher Moraes
I figured out what the problem is - OSSEC gets the file size and stores it in an 'int'. For large files > 2GB, the value in the int overflows into a negative range. When ossec sees a negative value for size, it assumes that the file has been deleted. So I guess the fix would be to change the

Re: [ossec-list] syscheck error with large files

2012-04-11 Thread dan (ddp)
What OS?

On Tue, Apr 10, 2012 at 5:02 PM, Christopher Moraes cmoraes@gmail.com wrote:

Hi,

Has anyone noticed a bug when running syscheck with large files (> 2 GB)? I created a test file of 750 MB and ran syscheck. The file was added correctly to the syscheck DB in