and run
ln -s Sep Sept
On 9/4/06, Daniel Cid <[EMAIL PROTECTED]
> wrote:
Hi Reg,
Your fix would work. It is just a small typo in the month names that caused
this problem (a big one). In addition to that, I just pushed to the
site a patch for
the version 0.9 with the fix.
http://www.ossec.net/files/ossec-hids-0.9-1a.tar.gz
MD5 (ossec-hids-0.9-1a.tar.gz) = efebce3fd7712d94ded6574ee09a4299
SHA1 (ossec-hids-0.9-1a.tar.gz) = 08bfd26e8587e23c18bde010f5c46dd548bdfa00
Just download it and during the install, choose to "update". After the
installation
finishes, make sure that the localtime file at /var/ossec/etc has read
permissions
to everyone...
Thanks for the report...
--
Daniel B. Cid
dcid ( at ) ossec.net
On 9/4/06, Reg <[EMAIL PROTECTED]> wrote:
>
> I've upgraded to 0.9.1 (was at 0.9) and found the same problem. Simply
> go into src dir and change three files:
>
> analysisd/cleanevent.c
> analysisd/stats.c
> shared/file-queue.c
>
> find the string "Sept" and change to "Sep". Re-build as per doc. (I
> used install.sh ). Emails are working.
> I don't pretend to know what I've changed, as I haven't really looked at
> the source, so make changes at your own risk.:)
>
> Reg
>
> Richard Hopkins wrote:
> >
> >
> > My OSSEC-HIDS stopped alerting me by email at the end of August. I ran
> > a "truss" on the ossec-maild process and see it's complaining that...
> >
> > open64("/logs/alerts/2006/Sept/ossec- alerts-04.log", O_RDONLY) Err#2
> > ENOENT
> >
> > Checking my /logs/alerts/2006 directory, I see...
> >
> > shark# pwd
> > /var/ossec/logs/alerts/2006
> >
> > shark# ls
> > Aug Jul Sep
> >
> > So there's an inconsistency here (Sept vs Sep).
> >
> > Can we have a fix, please?
> >
> > Cheers,
> >
> > Richard
> >
> >
> >
> >
>
>
