I am trying to install beta 2.7 on Ubuntu 12.04 (stable compiled fine on it) following the install notes for geoip support.
I pulled down the geoip source referenced in the install notes and compiled it successfully. In the ossec src folder I did the make setgeoip command. When I run the ossec install script I got these errors:

gcc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -DGEOIP -lGeoIP -DARGV0=\"ossec-analysisd\" -DXML_VAR=\"var\" -DOSSECHIDS -I./ analysisd.c stats.c lists.c lists_list.c rules.c rules_list.c config.c fts.c dodiff.c eventinfo.c eventinfo_list.c cleanevent.c active-response.c picviz.c prelude.c compiled_rules/*.o ../config/lib_config.a decoders/decoders.a cdb/cdb.a cdb/cdb_make.a alerts/alerts.a ../os_xml/os_xml.a ../os_regex/os_regex.a ../os_net/os_net.a ../shared/lib_shared.a ../os_zlib/os_zlib.c ../external/libz.a -o ossec-analysisd
alerts/alerts.a(log.o): In function `GeoIPLookup':
/root/ossec-hids-2.7-beta-2/src/analysisd/alerts/log.c:66: undefined reference to `GeoIP_open'
/root/ossec-hids-2.7-beta-2/src/analysisd/alerts/log.c:71: undefined reference to `GeoIP_record_by_name_v6'
/root/ossec-hids-2.7-beta-2/src/analysisd/alerts/log.c:82: undefined reference to `GeoIP_open'
/root/ossec-hids-2.7-beta-2/src/analysisd/alerts/log.c:87: undefined reference to `GeoIP_record_by_name'
/root/ossec-hids-2.7-beta-2/src/analysisd/alerts/log.c:90: undefined reference to `GeoIP_region_name_by_code'
/root/ossec-hids-2.7-beta-2/src/analysisd/alerts/log.c:95: undefined reference to `GeoIP_delete'
/root/ossec-hids-2.7-beta-2/src/analysisd/alerts/log.c:98: undefined reference to `GeoIP_delete'

Looks like the geoip put itself in the /usr/local/lib folder so my wild guess is maybe I need to include that folder at compile time?

root@slas:/root/ossec-hids-2.7-beta-2# ls -la /usr/local/lib/
total 2396
drwxr-xr-x  3 root root    4096 Oct 22 13:14 .
drwxr-xr-x 10 root root    4096 Aug 22 01:30 ..
-rw-r--r--  1 root root 1471990 Oct 22 13:14 libGeoIP.a
-rwxr-xr-x  1 root root     950 Oct 22 13:14 libGeoIP.la
lrwxrwxrwx  1 root root      17 Oct 22 13:14 libGeoIP.so -> libGeoIP.so.1.4.8
lrwxrwxrwx  1 root root      17 Oct 22 13:14 libGeoIP.so.1 -> libGeoIP.so.1.4.8
-rwxr-xr-x  1 root root  788239 Oct 22 13:14 libGeoIP.so.1.4.8
-rw-r--r--  1 root root   91036 Oct 22 13:14 libGeoIPUpdate.a
-rwxr-xr-x  1 root root    1023 Oct 22 13:14 libGeoIPUpdate.la
lrwxrwxrwx  1 root root      23 Oct 22 13:14 libGeoIPUpdate.so -> libGeoIPUpdate.so.0.0.0
lrwxrwxrwx  1 root root      23 Oct 22 13:14 libGeoIPUpdate.so.0 -> libGeoIPUpdate.so.0.0.0
-rwxr-xr-x  1 root root   71255 Oct 22 13:14 libGeoIPUpdate.so.0.0.0

Has anyone else had or worked around these issues? I would really like to get the geoip stuff working.

Thanks.

James Whittington
