I've upgraded to 0.9.1 (was at 0.9) and found the same problem. Simply
go into src dir and change three files:
analysisd/cleanevent.c
analysisd/stats.c
shared/file-queue.c
find the string "Sept" and change to "Sep". Re-build as per doc. (I
used install.sh). Emails are working.
I don't pretend to know what I've changed, as I haven't really looked at
the source, so make changes at your own risk.:)
Reg
Richard Hopkins wrote:
My OSSEC-HIDS stopped alerting me by email at the end of August. I ran
a "truss" on the ossec-maild process and see it's complaining that...
open64("/logs/alerts/2006/Sept/ossec-alerts-04.log", O_RDONLY) Err#2
ENOENT
Checking my /logs/alerts/2006 directory, I see...
shark# pwd
/var/ossec/logs/alerts/2006
shark# ls
Aug Jul Sep
So there's an inconsistency here (Sept vs Sep).
Can we have a fix, please?
Cheers,
Richard
