On Sat, Aug 6, 2011 at 1:15 PM, Jeremy Lee <[email protected]> wrote:
> This is 2.5.1
> We thought about just upgrading to 2.6 but we need the full_command
> functionality in the agent.conf
> I'm not sure what is different about the install.sh compilation of
> ossec-logcollector, but I know that when I compile from source it doesn't
> work.
> I basically did this:
> 1) in src, run "make all" (also tried just "make libs")
> 2) in src/logcollector, run "make"
> 3) cp src/logcollector/ossec-logcollector /var/ossec/bin
> 4) restart OSSEC
> 5) OSSEC.log loads only what's in ossec.conf

Why not modify the src and re-run the install.sh? Also, diff?

> On Sat, Aug 6, 2011 at 9:50 AM, dan (ddp) <[email protected]> wrote:
>>
>> Which version of OSSEC?
>>
>> On Sat, Aug 6, 2011 at 12:14 PM, jplee3 <[email protected]> wrote:
>> > Never mind my last comment about ossec.conf not being read properly. I
>> > must have not saved it after editing...doh.
>> >
>> > It seems to work fine. But agent.conf doesn't seem to be processed in
>> > still.
>> >
>> > On Aug 5, 4:54 pm, jplee3 <[email protected]> wrote:
>> >> Hi all,
>> >>
>> >> So we ran into an issue with "Large message size" warnings filling up
>> >> the ossec.log file and causing the file to grow out of control and use
>> >> up disk space. I went ahead and commented out the lines in
>> >> read_syslog.c and read_multiline.c to prevent this from happening in
>> >> the future, but then noticed after starting OSSEC back up, that the
>> >> full commands weren't running.
>> >>
>> >> I made sure to back up the original ossec-logcollector, and when I
>> >> restored it and restarted OSSEC, the full commands showed up as
>> >> running in the ossec.log
>> >>
>> >> At first I thought it was the changes I made with commenting out the
>> >> "Large message size" lines, so I deleted the dir, untarred to a fresh
>> >> folder, and compiled straight away. Copied the ossec-logcollector
>> >> over, restarted OSSEC, and no go with full command.
>> >>
>> >> Is there something I'm missing when compiling in src/logcollector? I
>> >> noticed that read_fullcommand.c does exist in this directory.
