Thank you, I integrated your patch to src/Makefile to https://bitbucket.org/jbcheng/ossec-hids/

On Wednesday, October 31, 2012 8:46:33 AM UTC-7, dan (ddpbsd) wrote:
>
> On Wed, Oct 31, 2012 at 11:26 AM, dan (ddp) <[email protected]> wrote:
> > On Wed, Oct 31, 2012 at 11:15 AM, James Whittington
> > <[email protected]> wrote:
> >>
> >>>What if you tried it with something like:
> >>>-L/usr/local/lib -I/usr/local/include
> >> I tried adding those and that didn't appear to work
> >>
> >
> > I managed to get a similar error, but in os_maild. Adding what I
> > suggested *before* the -lGeoIP worked for me.
> >
> >> gcc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" -DGEOIP
> >> -lGeoIP -L/usr/local/lib -I/usr/local/include -DARGV0=\"ossec-analysisd\"
> >> -DXML_VAR=\"var\" -DOSSECHIDS -I./ analysisd.c stats.c lists.c lists_list.c
> >> rules.c rules_list.c config.c fts.c dodiff.c eventinfo.c eventinfo_list.c
> >> cleanevent.c active-response.c picviz.c prelude.c compiled_rules/*.o
> >> ../config/lib_config.a decoders/decoders.a cdb/cdb.a cdb/cdb_make.a
> >> alerts/alerts.a ../os_xml/os_xml.a ../os_regex/os_regex.a ../os_net/os_net.a
> >> ../shared/lib_shared.a ../os_zlib/os_zlib.c ../external/libz.a -o
> >> ossec-analysisd
> >> alerts/alerts.a(log.o): In function `GeoIPLookup':
> >> /root/ossec-hids-2.7-beta-2/src/analysisd/alerts/log.c:66: undefined reference to `GeoIP_open'
> >> /root/ossec-hids-2.7-beta-2/src/analysisd/alerts/log.c:71: undefined reference to `GeoIP_record_by_name_v6'
> >> /root/ossec-hids-2.7-beta-2/src/analysisd/alerts/log.c:82: undefined reference to `GeoIP_open'
> >> /root/ossec-hids-2.7-beta-2/src/analysisd/alerts/log.c:87: undefined reference to `GeoIP_record_by_name'
> >> /root/ossec-hids-2.7-beta-2/src/analysisd/alerts/log.c:90: undefined reference to `GeoIP_region_name_by_code'
> >> /root/ossec-hids-2.7-beta-2/src/analysisd/alerts/log.c:95: undefined reference to `GeoIP_delete'
> >> /root/ossec-hids-2.7-beta-2/src/analysisd/alerts/log.c:98: undefined reference to `GeoIP_delete'
> >> collect2: ld returned 1 exit status
> >> make: *** [logaudit] Error 1
> >>
> >>
> >> Again I get a more interesting error if I run a make in the alerts folder
> >> directly. I don’t know if this is an issue or not, line 96 is a
> >> "return(buffer)" command in a subroutine, a Google search tells me if you
> >> were returning a pointer from a subroutine you would get this warning, but I
> >> think you are just returning the value itself.
> >>
> >> root@slas:/root/ossec-hids-2.7-beta-2/src/analysisd/alerts# make
> >> gcc -I../ -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/var/ossec\"
> >> -DGEOIP -lGeoIP -L/usr/local/lib -I/usr/local/include -DARGV0=\"alerts\"
> >> -DXML_VAR=\"var\" -DOSSECHIDS -c mail.c log.c exec.c getloglocation.c
> >> log.c: In function ‘GeoIPLookup’:
> >> log.c:96:3: warning: function returns address of local variable [enabled by default]
> >> ar cru alerts.a mail.o log.o exec.o getloglocation.o
> >> ranlib alerts.a
> >>
> >> If I have time I may just try building on another server to see if I can
> >> reproduce the condition or hopefully just get the binaries (with geoip
> >> support) built.
> >>
> >> James Whittington
> >>
