On Wed, Oct 31, 2012 at 7:38 PM, Jb Cheng <[email protected]> wrote: > Thank you, I integrated your patch to src/Makefile to > https://bitbucket.org/jbcheng/ossec-hids/ >
That should really be tested with a Linux. I only had an OpenBSD machine to test it on thanks to me being lazy after the power came back on. > On Wednesday, October 31, 2012 8:46:33 AM UTC-7, dan (ddpbsd) wrote: >> >> On Wed, Oct 31, 2012 at 11:26 AM, dan (ddp) <[email protected]> wrote: >> > On Wed, Oct 31, 2012 at 11:15 AM, James Whittington >> > <[email protected]> wrote: >> >> >> >>>What if you tried it with something like: >> >>>-L/usr/local/lib -I/usr/local/include >> >> I tried adding those and that didn't appear to work >> >> >> > >> > I managed to get a similar error, but in os_maild. Adding what I >> > suggested *before* the -lGeoIP worked for me. >> > >> >> gcc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\" >> >> -DGEOIP >> >> -lGeoIP -L/usr/local/lib -I/usr/local/include >> >> -DARGV0=\"ossec-analysisd\" >> >> -DXML_VAR=\"var\" -DOSSECHIDS -I./ analysisd.c stats.c lists.c >> >> lists_list.c >> >> rules.c rules_list.c config.c fts.c dodiff.c eventinfo.c >> >> eventinfo_list.c >> >> cleanevent.c active-response.c picviz.c prelude.c compiled_rules/*.o >> >> ../config/lib_config.a decoders/decoders.a cdb/cdb.a cdb/cdb_make.a >> >> alerts/alerts.a ../os_xml/os_xml.a ../os_regex/os_regex.a >> >> ../os_net/os_net.a >> >> ../shared/lib_shared.a ../os_zlib/os_zlib.c ../external/libz.a -o >> >> ossec-analysisd >> >> alerts/alerts.a(log.o): In function `GeoIPLookup': >> >> /root/ossec-hids-2.7-beta-2/src/analysisd/alerts/log.c:66: undefined >> >> reference to `GeoIP_open' >> >> /root/ossec-hids-2.7-beta-2/src/analysisd/alerts/log.c:71: undefined >> >> reference to `GeoIP_record_by_name_v6' >> >> /root/ossec-hids-2.7-beta-2/src/analysisd/alerts/log.c:82: undefined >> >> reference to `GeoIP_open' >> >> /root/ossec-hids-2.7-beta-2/src/analysisd/alerts/log.c:87: undefined >> >> reference to `GeoIP_record_by_name' >> >> /root/ossec-hids-2.7-beta-2/src/analysisd/alerts/log.c:90: undefined >> >> reference to `GeoIP_region_name_by_code' >> >> /root/ossec-hids-2.7-beta-2/src/analysisd/alerts/log.c:95: undefined >> >> reference to `GeoIP_delete' >> >> /root/ossec-hids-2.7-beta-2/src/analysisd/alerts/log.c:98: undefined >> >> reference to `GeoIP_delete' >> >> collect2: ld returned 1 exit status >> >> make: *** [logaudit] Error 1 >> >> >> >> >> >> Again I get a more interesting error if I run a make in the alerts >> >> folder >> >> directly. I don’t know if this is an issue or not, line 96 is a >> >> "return(buffer)" command in a subroutine, a google search tells me if >> >> you >> >> were returning a pointer from a subroutine you would get this warning, >> >> but I >> >> think you are just returning the value itself. >> >> >> >> root@slas:/root/ossec-hids-2.7-beta-2/src/analysisd/alerts# make >> >> gcc -I../ -g -Wall -I../../ -I../../headers >> >> -DDEFAULTDIR=\"/var/ossec\" >> >> -DGEOIP -lGeoIP -L/usr/local/lib -I/usr/local/include >> >> -DARGV0=\"alerts\" >> >> -DXML_VAR=\"var\" -DOSSECHIDS -c mail.c log.c exec.c getloglocation.c >> >> log.c: In function âGeoIPLookupâ: >> >> log.c:96:3: warning: function returns address of local variable >> >> [enabled by >> >> default] >> >> ar cru alerts.a mail.o log.o exec.o getloglocation.o >> >> ranlib alerts.a >> >> >> >> If I have time I may just try building on another server to see if I >> >> can >> >> reproduce the condition or hopefully just get the binaries (with geoip >> >> support) built. >> >> >> >> James Whittington >> >> >> >>
