Hi Reg,
Your fix would work. It is just a small typo in the month names that caused
this problem (a big one). In addition to that, I just pushed to the
site a patch for
the version 0.9 with the fix.
http://www.ossec.net/files/ossec-hids-0.9-1a.tar.gz
MD5 (ossec-hids-0.9-1a.tar.gz) = efebce3fd7712d94ded6574ee09a4299
SHA1 (ossec-hids-0.9-1a.tar.gz) = 08bfd26e8587e23c18bde010f5c46dd548bdfa00
Just download it and during the install, choose to "update". After the
installation
finishes, make sure that the localtime file at /var/ossec/etc has read
permissions
to everyone...
Thanks for the report...
--
Daniel B. Cid
dcid ( at ) ossec.net
On 9/4/06, Reg <[EMAIL PROTECTED]> wrote:
I've upgraded to 0.9.1 (was at 0.9) and found the same problem. Simply
go into src dir and change three files:
analysisd/cleanevent.c
analysisd/stats.c
shared/file-queue.c
find the string "Sept" and change to "Sep". Re-build as per doc. (I
used install.sh). Emails are working.
I don't pretend to know what I've changed, as I haven't really looked at
the source, so make changes at your own risk.:)
Reg
Richard Hopkins wrote:
>
>
> My OSSEC-HIDS stopped alerting me by email at the end of August. I ran
> a "truss" on the ossec-maild process and see it's complaining that...
>
> open64("/logs/alerts/2006/Sept/ossec-alerts-04.log", O_RDONLY) Err#2
> ENOENT
>
> Checking my /logs/alerts/2006 directory, I see...
>
> shark# pwd
> /var/ossec/logs/alerts/2006
>
> shark# ls
> Aug Jul Sep
>
> So there's an inconsistency here (Sept vs Sep).
>
> Can we have a fix, please?
>
> Cheers,
>
> Richard
>
>
>
>
