[ossec-list] Re: File deletion ,Integrity checksum and sending mail fails.
Hi Dan, thanks for the reply.

Yes, I am using a hostname for the SMTP server. In the previous version we did not have to do such things for email.

On Wednesday, April 12, 2017 at 8:24:15 PM UTC+5:30, siddhe...@suvidhaa.com wrote:
>
> Hi,
>
> I do not receive file deletion alert in latest 2.9.0 version,
> Also any changes made to the file are not reported before.
>
> Also maild daemon fails sending the mail. I fixed it by copying the hosts
> file but I don't think it is the correct way.
>
> Please can you help us to resolve the issue. Let me know if you want any
> observations.
>
> Regards,
> Siddhesh Rele.
>

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ossec-list] on ubuntu compile windows 64bit error
windows 2012 r2 error

问题签名:
问题事件名称:APPCRASH
应用程序名:win32ui.exe
应用程序版本:0.0.0.0
应用程序时间戳:58ef28a9
故障模块名称:StackHash_bc03
故障模块版本:6.3.9600.17415
故障模块时间戳:5450559e
异常代码:c374
异常偏移:PCH_B7_FROM_ntdll+0x000911FA
OS 版本:6.3.9600.2.0.0.272.7
区域设置 ID:2052
其他信息 1:bc03
其他信息 2:bc03b0099517a014308582161a3173b5
其他信息 3:e3d5
其他信息 4:e3d5a6322d624c2d8e59088803c5efc2

联机阅读隐私声明:
http://go.microsoft.com/fwlink/?linkid=280262

如果无法获取联机隐私声明,请脱机阅读我们的隐私声明:
C:\Windows\system32\zh-CN\erofflps.txt

On Friday, April 14, 2017 at 6:24:19 AM UTC+8, dan (ddpbsd) wrote:
>
> On Thu, Apr 13, 2017 at 5:14 AM, weisst wrote:
> > Dear all
> >
> > i try compile windows 64bit on Ubuntu 16.10, and i install depend
> >
> > sudo apt-get install build-essential -y
> > sudo apt-get install nsis nsis-common -y
> > sudo apt-get install mingw-w64 mingw-w64-common mingw-w64-x86-64-dev -y
> >
> > i find mingw use x86_64-w64-mingw32-gcc replace amd64-mingw32msvc-gcc,so i
> > mod Makefile
> >
> > ifneq (,$(shell which amd64-mingw32msvc-gcc))
> > MING_BASE:=amd64-mingw32msvc-
> >
> > to
> >
> > ifneq (,$(shell which x86_64-w64-mingw32-gcc))
> > MING_BASE:=x86_64-w64-mingw32-
> > else
> >
>
> You might have to make similar changes to
> src/external/lua/src/Makefile.mingw
> But I've never tried it.
>
> > then make TARGET=winagent , i get some error
> >
> > x86_64-w64-mingw32-gcc -shared -o lua52.dll lapi.o lcode.o lctype.o ldebug.o ldo.o ldump.o lfunc.o lgc.o llex.o lmem.o lobject.o lopcodes.o lparser.o lstate.o lstring.o ltable.o ltm.o lundump.o lvm.o lzio.o lauxlib.o lbaselib.o lbitlib.o lcorolib.o ldblib.o liolib.o lmathlib.o loslib.o lstrlib.o ltablib.o loadlib.o linit.o
> > strip --strip-unneeded lua52.dll
> > x86_64-w64-mingw32-gcc -o ossec-lua.exe -s lua.o lua52.dll -lm
> > make[2]: Leaving directory '/tmp/ossec-hids-master/src/external/lua-5.2.3/src'
> > make -f Makefile.mingw "LUAC_T=ossec-luac.exe" ossec-luac.exe
> > make[2]: Entering directory '/tmp/ossec-hids-master/src/external/lua-5.2.3/src'
> > x86_64-w64-mingw32-gcc -O2 -Wall -DLUA_COMPAT_ALL -c -o luac.o luac.c
> > i686-w64-mingw32-ar rcu liblua.a lapi.o lcode.o lctype.o ldebug.o ldo.o ldump.o lfunc.o lgc.o llex.o lmem.o lobject.o lopcodes.o lparser.o lstate.o lstring.o ltable.o ltm.o lundump.o lvm.o lzio.o lauxlib.o lbaselib.o lbitlib.o lcorolib.o ldblib.o liolib.o lmathlib.o loslib.o lstrlib.o ltablib.o loadlib.o linit.o
> > i686-w64-mingw32-ar: `u' modifier ignored since `D' is the default (see `U')
> > i686-w64-mingw32-ranlib liblua.a
> > x86_64-w64-mingw32-gcc -o ossec-luac.exe luac.o liblua.a -lm
> > liblua.a: error adding symbols: Archive has no index; run ranlib to add one
> > collect2: error: ld returned 1 exit status
> > Makefile.mingw:66: recipe for target 'ossec-luac.exe' failed
> > make[2]: *** [ossec-luac.exe] Error 1
> > make[2]: Leaving directory '/tmp/ossec-hids-master/src/external/lua-5.2.3/src'
> > Makefile.mingw:112: recipe for target 'mingw' failed
> > make[1]: *** [mingw] Error 2
> > make[1]: Leaving directory '/tmp/ossec-hids-master/src/external/lua-5.2.3/src'
> > Makefile:609: recipe for target 'winagent' failed
> > make: *** [winagent] Error 2
> >
> > i try to fix the problem, then i mod lua-5.2.3/src/Makefile.mingw
> >
> > CC= i686-w64-mingw32-gcc
> > CFLAGS= -O2 -Wall -DLUA_COMPAT_ALL $(SYSCFLAGS) $(MYCFLAGS)
> > LDFLAGS= $(SYSLDFLAGS) $(MYLDFLAGS)
> > LIBS= -lm $(SYSLIBS) $(MYLIBS)
> >
> > AR= i686-w64-mingw32-ar rcu
> > RANLIB= i686-w64-mingw32-ranlib
> > RM= rm -f
> >
> > try replace all i686-w64-mingw32 to x86_64-w64-mingw32,then compile success
> > but install on windows 64bit system,ossec agent can't start,have some error,
> > help me fix it,thanks
> >
>
> What error?
>
> >
> > also publish on github issue:
> > https://github.com/ossec/ossec-hids/issues/1110
> >

[ossec-list] OSSEC Agent not works
Hello!

I installed OSSEC server and client on 2 hosts, however the agent showed as "Never connected". There is no firewall between these hosts, and if I use netcat to connect to the server its log shows that the message is not properly formatted.

Output of tcpdump:

00:58:11.619862 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, length 73
00:58:11.620415 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, length 73
00:58:15.620201 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, length 73
00:58:15.620618 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, length 73
00:58:20.620619 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, length 73
00:58:20.621167 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, length 73
00:58:26.621162 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, length 73
00:58:26.621703 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, length 73

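Added example, not part of the original post: in the capture above the agent's datagrams go to 10.2.2.12 while every answer comes back from 10.2.2.13. The Python sketch below pairs requests with replies in tcpdump text output and reports replies whose source address differs from the address the client sent to; all function and variable names are illustrative.

```python
import re
from typing import NamedTuple

# Sample input: the tcpdump lines quoted in the post above.
# tcpdump prints port 1514 by its /etc/services name, fujitsu-dtcns.
SAMPLE_CAPTURE = """\
00:58:11.619862 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, length 73
00:58:11.620415 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, length 73
00:58:15.620201 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, length 73
00:58:15.620618 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, length 73
00:58:20.620619 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, length 73
00:58:20.621167 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, length 73
00:58:26.621162 IP 10.2.2.3.43453 > 10.2.2.12.fujitsu-dtcns: UDP, length 73
00:58:26.621703 IP 10.2.2.13.fujitsu-dtcns > 10.2.2.3.43453: UDP, length 73
"""

# "<time> IP <src ip>.<port> > <dst ip>.<port>: UDP, length <n>"
# The port may be numeric or a service name, so it is matched as a token.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src_ip>\d+\.\d+\.\d+\.\d+)\.(?P<src_port>[^\s.]+) > "
    r"(?P<dst_ip>\d+\.\d+\.\d+\.\d+)\.(?P<dst_port>[^\s.:]+): "
    r"UDP, length (?P<length>\d+)$"
)


class Mismatch(NamedTuple):
    timestamp: str  # time of the reply packet
    client: str     # ip:port that sent the request
    asked: str      # server address the client sent to
    answered: str   # address the reply actually came from


def parse_packets(capture):
    """Yield one dict per UDP line; lines in other formats are skipped."""
    for line in capture.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def find_reply_mismatches(capture):
    """Return replies whose source IP is not the IP the request was sent to."""
    # (client ip, client port, service port) -> server ip the client addressed
    pending = {}
    mismatches = []
    for p in parse_packets(capture):
        reply_key = (p["dst_ip"], p["dst_port"], p["src_port"])
        if reply_key in pending:
            # Packet travels service port -> client port: it is a reply.
            asked = pending[reply_key]
            if p["src_ip"] != asked:
                mismatches.append(Mismatch(
                    timestamp=p["ts"],
                    client=f'{p["dst_ip"]}:{p["dst_port"]}',
                    asked=asked,
                    answered=p["src_ip"],
                ))
            continue
        # Otherwise treat it as a request and remember where it was sent.
        pending[(p["src_ip"], p["src_port"], p["dst_port"])] = p["dst_ip"]
    return mismatches


if __name__ == "__main__":
    for m in find_reply_mismatches(SAMPLE_CAPTURE):
        print(f"{m.timestamp} {m.client} sent to {m.asked}, "
              f"reply came from {m.answered}")
```

A UDP socket that has been connected to one peer address only receives datagrams from that address, so a reply sourced from a second interface or alias on the server is a mismatch worth ruling out.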
Re: [ossec-list] on ubuntu compile windows 64bit error
On Thu, Apr 13, 2017 at 5:14 AM, weisst wrote:
> Dear all
>
> i try compile windows 64bit on Ubuntu 16.10, and i install depend
>
> sudo apt-get install build-essential -y
> sudo apt-get install nsis nsis-common -y
> sudo apt-get install mingw-w64 mingw-w64-common mingw-w64-x86-64-dev -y
>
> i find mingw use x86_64-w64-mingw32-gcc replace amd64-mingw32msvc-gcc,so i
> mod Makefile
>
> ifneq (,$(shell which amd64-mingw32msvc-gcc))
> MING_BASE:=amd64-mingw32msvc-
>
> to
>
> ifneq (,$(shell which x86_64-w64-mingw32-gcc))
> MING_BASE:=x86_64-w64-mingw32-
> else
>

You might have to make similar changes to
src/external/lua/src/Makefile.mingw
But I've never tried it.

> then make TARGET=winagent , i get some error
>
> x86_64-w64-mingw32-gcc -shared -o lua52.dll lapi.o lcode.o lctype.o ldebug.o ldo.o ldump.o lfunc.o lgc.o llex.o lmem.o lobject.o lopcodes.o lparser.o lstate.o lstring.o ltable.o ltm.o lundump.o lvm.o lzio.o lauxlib.o lbaselib.o lbitlib.o lcorolib.o ldblib.o liolib.o lmathlib.o loslib.o lstrlib.o ltablib.o loadlib.o linit.o
> strip --strip-unneeded lua52.dll
> x86_64-w64-mingw32-gcc -o ossec-lua.exe -s lua.o lua52.dll -lm
> make[2]: Leaving directory '/tmp/ossec-hids-master/src/external/lua-5.2.3/src'
> make -f Makefile.mingw "LUAC_T=ossec-luac.exe" ossec-luac.exe
> make[2]: Entering directory '/tmp/ossec-hids-master/src/external/lua-5.2.3/src'
> x86_64-w64-mingw32-gcc -O2 -Wall -DLUA_COMPAT_ALL -c -o luac.o luac.c
> i686-w64-mingw32-ar rcu liblua.a lapi.o lcode.o lctype.o ldebug.o ldo.o ldump.o lfunc.o lgc.o llex.o lmem.o lobject.o lopcodes.o lparser.o lstate.o lstring.o ltable.o ltm.o lundump.o lvm.o lzio.o lauxlib.o lbaselib.o lbitlib.o lcorolib.o ldblib.o liolib.o lmathlib.o loslib.o lstrlib.o ltablib.o loadlib.o linit.o
> i686-w64-mingw32-ar: `u' modifier ignored since `D' is the default (see `U')
> i686-w64-mingw32-ranlib liblua.a
> x86_64-w64-mingw32-gcc -o ossec-luac.exe luac.o liblua.a -lm
> liblua.a: error adding symbols: Archive has no index; run ranlib to add one
> collect2: error: ld returned 1 exit status
> Makefile.mingw:66: recipe for target 'ossec-luac.exe' failed
> make[2]: *** [ossec-luac.exe] Error 1
> make[2]: Leaving directory '/tmp/ossec-hids-master/src/external/lua-5.2.3/src'
> Makefile.mingw:112: recipe for target 'mingw' failed
> make[1]: *** [mingw] Error 2
> make[1]: Leaving directory '/tmp/ossec-hids-master/src/external/lua-5.2.3/src'
> Makefile:609: recipe for target 'winagent' failed
> make: *** [winagent] Error 2
>
> i try to fix the problem, then i mod lua-5.2.3/src/Makefile.mingw
>
> CC= i686-w64-mingw32-gcc
> CFLAGS= -O2 -Wall -DLUA_COMPAT_ALL $(SYSCFLAGS) $(MYCFLAGS)
> LDFLAGS= $(SYSLDFLAGS) $(MYLDFLAGS)
> LIBS= -lm $(SYSLIBS) $(MYLIBS)
>
> AR= i686-w64-mingw32-ar rcu
> RANLIB= i686-w64-mingw32-ranlib
> RM= rm -f
>
> try replace all i686-w64-mingw32 to x86_64-w64-mingw32,then compile success
> but install on windows 64bit system,ossec agent can't start,have some error,
> help me fix it,thanks
>

What error?

>
> also publish on github issue: https://github.com/ossec/ossec-hids/issues/1110
>

[ossec-list] Re: Rule 510 is triggering events but logtest is not showing any rules that should be triggered
Hi Jesus,

Thanks for the reply. I have noticed when I activate this rule, it blocks all events and does not alert on the first event. Also note, I am trying to use the ID field from my decoder to match against. I can't just use a static match as the ID continuously changes so I'd need the ID from the decoder to do so. Any ideas?

Thanks!

On Wednesday, April 5, 2017 at 12:26:31 PM UTC-7, Rob Williams wrote:
>
> Hi all,
>
> I'm running into an issue where rule 510 is triggering and I'm getting
> spammed with alerts but I can't seem to tune it correctly. What's weird is
> that I am still getting alerted for rule 510 for this log, but I can't
> figure out how to get that to show in logtest. Basically, I am getting
> spammed with rule 510 and trying to filter it down more and here is what
> happens when I enter the log in logtest: any ideas on how to fix
> this?
>
> **Phase 1: Completed pre-decoding.
>        full event: 'File '/filepath/' is owned by root and has written permissions to anyone.'
>        hostname: 'hostname'
>        program_name: '(null)'
>        log: 'File '/filepath/' is owned by root and has written permissions to anyone.'
>
> **Phase 2: Completed decoding.
>        decoder: 'sample_decoder_setup'
>        id: '/filepath/'
>

Re: [ossec-list] How soon does an agent disconnect appear
On Wed, Apr 12, 2017 at 4:01 PM, Nikki S wrote:
> How long does it take for the agent to appear as 'disconnected'? I read on
> another thread that the 'keep alive' needs to fail three times. I could not
> find where we set the frequency of the agent check in.
>

I think it's 10 minutes, and I don't think it's currently configurable
in ossec.conf.

> Thank you!
>

Re: [ossec-list] Is it possible to trigger an active response on a rule with a severity level of 0?
On Wed, Apr 12, 2017 at 1:40 PM, Rob Williams wrote:
> Essentially, I want to trigger an active response for a rule that I created
> that has a severity level of 0. I created this rule because I did not want
> to be alerted on the default rule and only wanted to be alerted based on the
> output from my active response. My question is if I have the severity level
> of 0, will it just be completely ignored without the active response even
> triggering? I ask because I'm having trouble setting it up properly and want
> to rule out if this is the cause. Thank you for your help in advance.
>

I think it will be ignored, but I've never tried it. You could try
bumping the level to 1 to see if that fixes the issue.

Re: [ossec-list] File deletion ,Integrity checksum and sending mail fails.
On Wed, Apr 12, 2017 at 6:28 AM, wrote:
> Hi,
>
> I do not receive file deletion alert in latest 2.9.0 version,
> Also any changes made to the file are not reported before.
>

I haven't tested this, but I'll give it a shot.

> Also maild daemon fails sending the mail. I fixed it by copying the hosts
> file but I don't think it is the correct way.
>

If you're using a hostname instead of an IP for the smtp server, this
makes sense. maild chroots to /var/ossec.

> Please can you help us to resolve the issue. Let me know if you want any
> observations.
>
> Regards,
> Siddhesh Rele.
>

Re: [ossec-list] Re: Same old song ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue
On Mon, Apr 10, 2017 at 2:46 PM, Anoop Perayil wrote:
> I am running OSSEC on a Security Onion build Ubuntu 14.04.5 LTS.
> The issue started after I added in more disk since I ran out of space in /
>

I really wish SO would partition their system properly. Big /, nothing
else is very annoying.
Check permissions. Maybe things didn't copy over properly?

> On Monday, 10 April 2017 23:52:07 UTC+5:30, Joshua Gimer wrote:
>>
>> Do you have SELinux running in an enforcing mode? What is the output of
>> sestatus?
>>
>> Josh
>>
>> On Wed, Oct 12, 2016 at 8:58 AM, Kernel Panic wrote:
>>>
>>> Really do not know, just installed it from repo and tried to start the
>>> service.
>>>
>>> Thanks
>>> Regards
>>>
>>> On Tuesday, October 11, 2016 at 15:22:03 (UTC-3), Kernel Panic wrote:
>>>>
>>>> Hi guys,
>>>> Yes, I've been reading the error on the list, lots of cases and I got it
>>>> too but I ran out of ideas.
>>>>
>>>> The log:
>>>>
>>>> 2016/10/11 13:04:40 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
>>>> 2016/10/11 13:04:40 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
>>>> 2016/10/11 13:04:46 ossec-logcollector(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
>>>> 2016/10/11 13:04:46 ossec-logcollector(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
>>>> 2016/10/11 13:04:48 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
>>>> 2016/10/11 13:04:48 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
>>>> 2016/10/11 13:05:01 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
>>>> 2016/10/11 13:05:01 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
>>>>
>>>> The queue
>>>> srw-rw. 1 ossec ossec 0 Oct 11 13:04 /var/ossec/queue/ossec/queue
>>>>
>>>> Also read the local_rules may have issues, tested with -t and no errors
>>>> displayed also with xmllint
>>>>
>>>> xmllint local_rules.xml
>>>>
>>>> --SNIP-
>>>>
>>>> There is a file also under /var/ossec/etc/decoder.xml that seems not good,
>>>> is that correct?
>>>> xmllint decoder.xml
>>>> decoder.xml:52: parser error : Extra content at the end of the document
>>>>
>>>> ^
>>>>
>>>> And found this:
>>>>
>>>> xmllint ossec.conf
>>>> ossec.conf:74: parser error : Comment not terminated
>>>>
>>>> Line 74, what's missing here?
>>>>
>>>> 72000
>>>>
>>>> ossec-hids-2.8.3-53.el6.art.x86_64
>>>> ossec-hids-server-2.8.3-53.el6.art.x86_64
>>>> ossec-wui-0.8-4.el6.art.noarch
>>>>
>>>> Thanks for your time and support
>>>> Regards
>>
>> --
>> Thanks,
>> Joshua Gimer
>>
>> ---
>>
>> http://www.linkedin.com/in/jgimer
>> http://twitter.com/jgimer

Re: [ossec-list] Re: Same old song ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue
On Mon, Apr 10, 2017 at 2:34 PM, Felix Martel wrote:
> Perhaps this is way off base, but have you added an agent for localhost ? In
> my context of a new install, a ton of issues went away after I added an
> agent for the localhost (name=localhost, IP=127.0.0.1). Didn't export the
> key or anything. Once I did that, my queue errors went away and my agents
> started reporting.
>

You shouldn't have to add an agent for the localhost, it's
automatically considered agent 000.

> If I have one rant regarding OSSEC HIDS, it's the structure and quality of
> documentation: Sketchy at best... Doing a lot of poking in the dark to solve
> issues.
>

Please help: https://github.com/ossec/ossec-docs

>
> On Tuesday, October 11, 2016 at 2:22:03 PM UTC-4, Kernel Panic wrote:
>>
>> Hi guys,
>> Yes, I've been reading the error on the list, lots of cases and I got it
>> too but I ran out of ideas.
>>
>> The log:
>>
>> 2016/10/11 13:04:40 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
>> 2016/10/11 13:04:40 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
>> 2016/10/11 13:04:46 ossec-logcollector(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
>> 2016/10/11 13:04:46 ossec-logcollector(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
>> 2016/10/11 13:04:48 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
>> 2016/10/11 13:04:48 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
>> 2016/10/11 13:05:01 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
>> 2016/10/11 13:05:01 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..
>>
>> The queue
>> srw-rw. 1 ossec ossec 0 Oct 11 13:04 /var/ossec/queue/ossec/queue
>>
>> Also read the local_rules may have issues, tested with -t and no errors
>> displayed also with xmllint
>>
>> xmllint local_rules.xml
>>
>> --SNIP-
>>
>> There is a file also under /var/ossec/etc/decoder.xml that seems not good,
>> is that correct?
>> xmllint decoder.xml
>> decoder.xml:52: parser error : Extra content at the end of the document
>>
>> ^
>>
>> And found this:
>>
>> xmllint ossec.conf
>> ossec.conf:74: parser error : Comment not terminated
>>
>> Line 74, what's missing here?
>>
>> 72000
>>
>> ossec-hids-2.8.3-53.el6.art.x86_64
>> ossec-hids-server-2.8.3-53.el6.art.x86_64
>> ossec-wui-0.8-4.el6.art.noarch
>>
>> Thanks for your time and support
>> Regards
>>

Re: [ossec-list] OSSEC upgrade from 2.8.3 to 2.9 RC5 DBD error
On Mon, Apr 10, 2017 at 2:34 PM, Dayne Jordan wrote:
> DISREGARD - major faux pas on my part from previous... it's alert not alerts
> table (singular).
>
> Alert table does exist, however the column "level" does not, I will create
> it manually.
>
> MariaDB [ossec]> describe alert;
> +-------------+-----------------------+------+-----+---------+-------+
> | Field       | Type                  | Null | Key | Default | Extra |
> +-------------+-----------------------+------+-----+---------+-------+
> | id          | int(10) unsigned      | NO   | PRI | NULL    |       |
> | server_id   | smallint(5) unsigned  | NO   | PRI | NULL    |       |
> | rule_id     | mediumint(8) unsigned | NO   | MUL | NULL    |       |
> | timestamp   | int(10) unsigned      | NO   | MUL | NULL    |       |
> | location_id | smallint(5) unsigned  | NO   |     | NULL    |       |
> | src_ip      | int(10) unsigned      | YES  | MUL | NULL    |       |
> | dst_ip      | int(10) unsigned      | YES  |     | NULL    |       |
> | src_port    | smallint(5) unsigned  | YES  |     | NULL    |       |
> | dst_port    | smallint(5) unsigned  | YES  |     | NULL    |       |
> | alertid     | tinytext              | YES  |     | NULL    |       |
> +-------------+-----------------------+------+-----+---------+-------+
> 10 rows in set (0.00 sec)
>
>
> I added the "level" column and all is well so far. I wonder why the
> mysql.schema script isn't doing this? No error messages in the log.
>
> MariaDB [ossec]> describe alert;
> +-------------+-----------------------+------+-----+---------+-------+
> | Field       | Type                  | Null | Key | Default | Extra |
> +-------------+-----------------------+------+-----+---------+-------+
> | id          | int(10) unsigned      | NO   | PRI | NULL    |       |
> | server_id   | smallint(5) unsigned  | NO   | PRI | NULL    |       |
> | rule_id     | mediumint(8) unsigned | NO   | MUL | NULL    |       |
> | timestamp   | int(10) unsigned      | NO   | MUL | NULL    |       |
> | location_id | smallint(5) unsigned  | NO   |     | NULL    |       |
> | src_ip      | int(10) unsigned      | YES  | MUL | NULL    |       |
> | dst_ip      | int(10) unsigned      | YES  |     | NULL    |       |
> | src_port    | smallint(5) unsigned  | YES  |     | NULL    |       |
> | dst_port    | smallint(5) unsigned  | YES  |     | NULL    |       |
> | alertid     | tinytext              | YES  |     | NULL    |       |
> | level       | tinyint(3) unsigned   | YES  |     | NULL    |       |
> +-------------+-----------------------+------+-----+---------+-------+
> 11 rows in set (0.00 sec)
>

I just tried it with MASTER:

MariaDB [ossecdb]> describe alert;
+-------------+-----------------------+------+-----+---------+----------------+
| Field       | Type                  | Null | Key | Default | Extra          |
+-------------+-----------------------+------+-----+---------+----------------+
| id          | int(10) unsigned      | NO   | PRI | NULL    | auto_increment |
| server_id   | smallint(5) unsigned  | NO   | PRI | NULL    |                |
| rule_id     | mediumint(8) unsigned | NO   | MUL | NULL    |                |
| level       | tinyint(3) unsigned   | YES  | MUL | NULL    |                |
| timestamp   | int(10) unsigned      | NO   | MUL | NULL    |                |
| location_id | smallint(5) unsigned  | NO   |     | NULL    |                |
| src_ip      | varchar(46)           | YES  | MUL | NULL    |                |
| dst_ip      | varchar(46)           | YES  |     | NULL    |                |
| src_port    | smallint(5) unsigned  | YES  |     | NULL    |                |
| dst_port    | smallint(5) unsigned  | YES  |     | NULL    |                |
| alertid     | varchar(30)           | YES  | MUL | NULL    |                |
| user        | text                  | NO   |     | NULL    |                |
| full_log    | text                  | NO   |     | NULL    |                |
| is_hidden   | tinyint(4)            | NO   |     | 0       |                |
| tld         | varchar(5)            | NO   | MUL |         |                |
+-------------+-----------------------+------+-----+---------+----------------+
15 rows in set (0.02 sec)

>
> On Monday, April 10, 2017 at 2:22:49 PM UTC-4, Dayne Jordan wrote:
>>
>> MariaDB [(none)]> use ossec
>> Reading table information for completion of table and column names
>> You can turn off this feature to get a quicker startup with -A
>>
>> Database changed
>> MariaDB [ossec]> describe alerts;
>> ERROR 1146 (42S02): Table 'ossec.alerts' doesn't exist
>> MariaDB [ossec]>
>>
>> the mysql schema certainly appears to have the logic to create all the
>> tables it needed. I ran the mysql schema again manually, restarted mysql and
>> ossec and still have the same error.
>>
>>
>> On Monday, April 10, 2017 at 2:07:47 PM UTC-4, Joshua Gimer wrote:
>>>
>>> Looking at the database schema here:
>>>
>>>

[ossec-list] on ubuntu compile windows 64bit error
Dear all

i try compile windows 64bit on Ubuntu 16.10, and i install depend

sudo apt-get install build-essential -y
sudo apt-get install nsis nsis-common -y
sudo apt-get install mingw-w64 mingw-w64-common mingw-w64-x86-64-dev -y

i find mingw use *x86_64-w64-mingw32-gcc* replace *amd64-mingw32msvc-gcc*,so i mod Makefile

ifneq (,$(shell which amd64-mingw32msvc-gcc))
MING_BASE:=amd64-mingw32msvc-

to

ifneq (,$(shell which x86_64-w64-mingw32-gcc))
MING_BASE:=x86_64-w64-mingw32-
else

then make TARGET=winagent , i get some error

x86_64-w64-mingw32-gcc -shared -o lua52.dll lapi.o lcode.o lctype.o ldebug.o ldo.o ldump.o lfunc.o lgc.o llex.o lmem.o lobject.o lopcodes.o lparser.o lstate.o lstring.o ltable.o ltm.o lundump.o lvm.o lzio.o lauxlib.o lbaselib.o lbitlib.o lcorolib.o ldblib.o liolib.o lmathlib.o loslib.o lstrlib.o ltablib.o loadlib.o linit.o
strip --strip-unneeded lua52.dll
x86_64-w64-mingw32-gcc -o ossec-lua.exe -s lua.o lua52.dll -lm
make[2]: Leaving directory '/tmp/ossec-hids-master/src/external/lua-5.2.3/src'
make -f Makefile.mingw "LUAC_T=ossec-luac.exe" ossec-luac.exe
make[2]: Entering directory '/tmp/ossec-hids-master/src/external/lua-5.2.3/src'
x86_64-w64-mingw32-gcc -O2 -Wall -DLUA_COMPAT_ALL -c -o luac.o luac.c
i686-w64-mingw32-ar rcu liblua.a lapi.o lcode.o lctype.o ldebug.o ldo.o ldump.o lfunc.o lgc.o llex.o lmem.o lobject.o lopcodes.o lparser.o lstate.o lstring.o ltable.o ltm.o lundump.o lvm.o lzio.o lauxlib.o lbaselib.o lbitlib.o lcorolib.o ldblib.o liolib.o lmathlib.o loslib.o lstrlib.o ltablib.o loadlib.o linit.o
i686-w64-mingw32-ar: `u' modifier ignored since `D' is the default (see `U')
i686-w64-mingw32-ranlib liblua.a
x86_64-w64-mingw32-gcc -o ossec-luac.exe luac.o liblua.a -lm
liblua.a: error adding symbols: Archive has no index; run ranlib to add one
collect2: error: ld returned 1 exit status
Makefile.mingw:66: recipe for target 'ossec-luac.exe' failed
make[2]: *** [ossec-luac.exe] Error 1
make[2]: Leaving directory '/tmp/ossec-hids-master/src/external/lua-5.2.3/src'
Makefile.mingw:112: recipe for target 'mingw' failed
make[1]: *** [mingw] Error 2
make[1]: Leaving directory '/tmp/ossec-hids-master/src/external/lua-5.2.3/src'
Makefile:609: recipe for target 'winagent' failed
make: *** [winagent] Error 2

i try to fix the problem, then i mod lua-5.2.3/src/Makefile.mingw

CC= i686-w64-mingw32-gcc
CFLAGS= -O2 -Wall -DLUA_COMPAT_ALL $(SYSCFLAGS) $(MYCFLAGS)
LDFLAGS= $(SYSLDFLAGS) $(MYLDFLAGS)
LIBS= -lm $(SYSLIBS) $(MYLIBS)

AR= i686-w64-mingw32-ar rcu
RANLIB= i686-w64-mingw32-ranlib
RM= rm -f

try replace all *i686-w64-mingw32* to *x86_64-w64-mingw32*,then compile success but install on windows 64bit system,ossec agent can't start,have some error, help me fix it,thanks

also publish on github issue: https://github.com/ossec/ossec-hids/issues/1110