On Tue, Oct 30, 2012 at 9:08 PM, James Whittington
<[email protected]> wrote:
> I still haven’t had any luck getting the geoip support compiling under
> ossec.
>
> The compile process is hanging up on the log.c file.
>
> “ossec-hids-2.7-beta-2/src/analysisd/alerts/log.c”
>
>
>
> I really don’t work with C programming (more of a systems engineer guy) but
> I do see log.c expecting geoip header files.
>
> How would ossec find the geoip header files unless it were told where to get
> them? It’s been a LONG time since my C programming college class so forgive
> me if I am asking a stupid question.
>
> I tried forcing the compile to look at /usr/local/lib by adding it to the
> Config.Make file, but it didn’t seem to fix anything.
>
> CFLAGS = -g -Wall -I${PT} -I${PT}headers ${CPATH} ${CEXTRA} ${DEXTRA}
> ${EEXTRA} ${FEXTRA} ${GEXTRA} ${HEXTRA} ${CGEOIP} -I/usr/local/lib/*.a

What if you tried it with something like:
-L/usr/local/lib -I/usr/local/include
The second one is a capital i.

> -DARGV0=\"${NAME}\" -DXML_VAR=\"var\" -DOSSECHIDS
>
>
>
> What’s interesting is if I copy the geoip header files to the ossec headers
> folder and run a make in the alerts folder I get a different sort of error,
> again I am not a programmer so I don’t truly understand if it means
> anything?
>
>
>
> root@slas:/root/ossec-hids-2.7-beta-2/src/analysisd/alerts# make
>
> gcc -I../ -g -Wall -I../../ -I../../headers -DGEOIP -lGeoIP
> -I/usr/local/lib/*.a -DARGV0=\"alerts\" -DXML_VAR=\"var\" -DOSSECHIDS -c
> mail.c log.c exec.c getloglocation.c
>
> log.c: In function ‘GeoIPLookup’:
>
> log.c:96:3: warning: function returns address of local variable [enabled by
> default]
>
>
>
> Any ideas out there? Anyone else working with ossec beta + geoip + Ubuntu
> out there??
>
>
>
> James Whittington
>
>
>
> From: [email protected] [mailto:[email protected]] On
> Behalf Of Jb Cheng
> Sent: Monday, October 29, 2012 7:30 PM
> To: [email protected]
> Subject: [ossec-list] Re: Having Issues Getting geoip working on beta 2
>
>
>
> Your compilation flag is correct: -DGEOIP -lGeoIP
>
> Your libGeoIP.a file under /usr/local/lib looks right.
>
> You are on the right track, but I am not sure why your linker did not look
> under /usr/local/lib/ for the lib file.
>
>
>
> On Thursday, October 25, 2012 2:56:55 PM UTC-7, James Whittington wrote:
>
> I am trying to install beta 2.7 on Ubuntu 12.04 (stable compiled fine on it)
> following the install notes for geoip support.
>
> I pulled down the geoip source referenced in the install notes and compiled
> it successfully.
> In the ossec src folder I did the “make setgeoip” command.
>
>
> When I run the ossec install script I got these errors..
>
> gcc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -DGEOIP
> -lGeoIP -DARGV0=\"ossec-analysisd\" -DXML_VAR=\"var\" -DOSSECHIDS -I./
> analysisd.c stats.c lists.c lists_list.c rules.c rules_list.c config.c fts.c
> dodiff.c eventinfo.c eventinfo_list.c cleanevent.c active-response.c
> picviz.c prelude.c compiled_rules/*.o ../config/lib_config.a
> decoders/decoders.a cdb/cdb.a cdb/cdb_make.a alerts/alerts.a
> ../os_xml/os_xml.a ../os_regex/os_regex.a ../os_net/os_net.a
> ../shared/lib_shared.a ../os_zlib/os_zlib.c ../external/libz.a -o
> ossec-analysisd
> alerts/alerts.a(log.o): In function `GeoIPLookup':
> /root/ossec-hids-2.7-beta-2/src/analysisd/alerts/log.c:66: undefined
> reference to `GeoIP_open'
> /root/ossec-hids-2.7-beta-2/src/analysisd/alerts/log.c:71: undefined
> reference to `GeoIP_record_by_name_v6'
> /root/ossec-hids-2.7-beta-2/src/analysisd/alerts/log.c:82: undefined
> reference to `GeoIP_open'
> /root/ossec-hids-2.7-beta-2/src/analysisd/alerts/log.c:87: undefined
> reference to `GeoIP_record_by_name'
> /root/ossec-hids-2.7-beta-2/src/analysisd/alerts/log.c:90: undefined
> reference to `GeoIP_region_name_by_code'
> /root/ossec-hids-2.7-beta-2/src/analysisd/alerts/log.c:95: undefined
> reference to `GeoIP_delete'
> /root/ossec-hids-2.7-beta-2/src/analysisd/alerts/log.c:98: undefined
> reference to `GeoIP_delete'
>
> Looks like the geoip put itself in the “/usr/local/lib” folder so my wild
> guess is maybe I need to include that folder at compile time?
>
> root@slas:/root/ossec-hids-2.7-beta-2# ls -la /usr/local/lib/
> total 2396
> drwxr-xr-x 3 root root 4096 Oct 22 13:14 .
> drwxr-xr-x 10 root root 4096 Aug 22 01:30 ..
> -rw-r--r-- 1 root root 1471990 Oct 22 13:14 libGeoIP.a
> -rwxr-xr-x 1 root root 950 Oct 22 13:14 libGeoIP.la
> lrwxrwxrwx 1 root root 17 Oct 22 13:14 libGeoIP.so ->
> libGeoIP.so.1.4.8
> lrwxrwxrwx 1 root root 17 Oct 22 13:14 libGeoIP.so.1 ->
> libGeoIP.so.1.4.8
> -rwxr-xr-x 1 root root 788239 Oct 22 13:14 libGeoIP.so.1.4.8
> -rw-r--r-- 1 root root 91036 Oct 22 13:14 libGeoIPUpdate.a
> -rwxr-xr-x 1 root root 1023 Oct 22 13:14 libGeoIPUpdate.la
> lrwxrwxrwx 1 root root 23 Oct 22 13:14 libGeoIPUpdate.so ->
> libGeoIPUpdate.so.0.0.0
> lrwxrwxrwx 1 root root 23 Oct 22 13:14 libGeoIPUpdate.so.0 ->
> libGeoIPUpdate.so.0.0.0
> -rwxr-xr-x 1 root root 71255 Oct 22 13:14 libGeoIPUpdate.so.0.0.0
>
> Has anyone else had or worked around these issues? I would really like to
> get the geoip stuff working.
> Thanks..
>
> James Whittington
>
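
An added example, not part of the original thread or of the OSSEC build: it builds a throwaway static library (`libdemo.a`, `demo.h` and `demo_lookup` are constructed names) to show what `-I`, `-L` and `-l` each control, and that with a static archive the position of `-l` relative to the objects that use it matters. The failing gcc command quoted above lists `-lGeoIP` ahead of `alerts/alerts.a`.

```shell
#!/bin/sh
# -I = directory searched for headers, -L = directory searched for libraries,
# -l = library to link. All file and symbol names below are constructed.
link_order_demo() {
    cc=${CC:-cc}
    command -v "$cc" >/dev/null 2>&1 || { echo "no C compiler found"; return 2; }
    tmp=$(mktemp -d) || return 2
    mkdir "$tmp/include" "$tmp/lib"

    # Header in include/, archive in lib/, mirroring /usr/local/{include,lib}.
    echo 'int demo_lookup(int code);' > "$tmp/include/demo.h"
    echo 'int demo_lookup(int code) { return code + 1; }' > "$tmp/demo.c"
    cat > "$tmp/main.c" <<'EOF'
#include <demo.h>
int main(void) { return demo_lookup(41) == 42 ? 0 : 1; }
EOF
    "$cc" -c "$tmp/demo.c" -o "$tmp/demo.o" &&
        ar rcs "$tmp/lib/libdemo.a" "$tmp/demo.o" || { rm -rf "$tmp"; return 2; }

    # 1. No -I: demo.h is not found. -I must name the header directory;
    #    pointing it at a lib directory or at *.a files does nothing useful.
    if "$cc" -c "$tmp/main.c" -o "$tmp/main.o" 2>/dev/null
    then echo "no_include=ok"; else echo "no_include=fail"; fi

    "$cc" -I"$tmp/include" -c "$tmp/main.c" -o "$tmp/main.o"

    # 2. -ldemo BEFORE main.o: GNU ld scans the archive while nothing is yet
    #    undefined, pulls in no member, then reports "undefined reference".
    #    Some other linkers are more lenient, so this result is only reported.
    if "$cc" -L"$tmp/lib" -ldemo "$tmp/main.o" -o "$tmp/first" 2>/dev/null
    then echo "lib_first=ok"; else echo "lib_first=fail"; fi

    # 3. -ldemo AFTER main.o: the undefined symbol is known when the archive
    #    is scanned, so the link succeeds.
    if "$cc" "$tmp/main.o" -L"$tmp/lib" -ldemo -o "$tmp/last" 2>/dev/null
    then echo "lib_last=ok"; else echo "lib_last=fail"; fi

    rm -rf "$tmp"
}

link_order_demo || true
```

On a system using GNU ld the middle line reads `lib_first=fail`, the same "undefined reference" class of error shown in the thread.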