I have been sifting through the mailing list and found a reference to
64 bit systems causing an issue I have encountered.
Sure enough, the agent with the problem is OpenBSD on Sparc64.
I notice that the change discussed below has been added into the code
for the current version (1.4) of OSSEC.
I guess it does not resolve the problem for Sparc64..
I simply unpacked and ran the install script. Nothing fancy about
what I've done.
Is this the big/little endian issue rearing it's head? I believe
sparc64 is big endian.
Any suggestions?
Thanks,
Lin
--------------error log
2007/12/01 01:40:33 ossec-agentd(1410): Reading authentication keys file.
2007/12/01 01:40:33 ossec-agentd: No previous counter available for 'Dante'.
2007/12/01 01:40:33 ossec-agentd: Assigning counter for agent Dante: '0:0'.
2007/12/01 01:40:33 ossec-agentd: No previous sender counter.
2007/12/01 01:40:33 ossec-agentd: Assigning sender counter: 0:0
2007/12/01 01:40:33 ossec-agentd: Started (pid: 3067).
2007/12/01 01:40:33 ossec-agentd: Connecting to server (10.10.10.207:1514).
2007/12/01 01:40:33 ossec-agentd(2201): Error compressing string:
'd2bb0b700e135b1dc23b94abc66cdd9f396660000000000:0001:#!-agent startup
'.
2007/12/01 01:40:33 ossec-agentd(1217): Error creating encrypted message.
--------------from list
* To: [EMAIL PROTECTED]
* Subject: [ossec-list] Re: ossec-agentd: error compressing string
* From: Martin Gottlieb <[EMAIL PROTECTED]>
* Date: Wed, 09 Aug 2006 13:44:38 -0400
Hi Daniel,
I've been playing with this also and have narrowed it down to the
following lines (39-40)
in src/external/zlib-1.2.3/compress.c:
stream.avail_out = (uInt)*destLen;
if ((uLong)stream.avail_out != *destLen) return Z_BUF_ERROR;
If you change line 40 to:
if ((uInt)stream.avail_out != (uInt)*destLen) return Z_BUF_ERROR;
it seems to fix this problem, but I have a feeling it defeats the
original intent (though I'm not sure what the original intent was).
Martin
