Got it. I will continue to dig around. On Monday, June 24, 2013 4:52:43 PM UTC-4, dan (ddpbsd) wrote: > > On Mon, Jun 24, 2013 at 4:37 PM, David Blanton > <[email protected]<javascript:>> > wrote: > > The queue error is only the Solaris box agent - after I installed 2.7.1 > > beta. I'm not too concerned about the duplicate files error - I just > > understand why I was getting them because I did not have any duplicates > in > > ossec.conf. It also prevents analysisd from starting. > > > > Ok that might make it easier. You still need to check for errors in the > log. And analysisd doesn't run on agents, so that shouldn't even try to > start. > > > > > On Monday, June 24, 2013 4:29:56 PM UTC-4, dan (ddpbsd) wrote: > >> > >> On Mon, Jun 24, 2013 at 4:19 PM, David Blanton > >> <[email protected]> wrote: > >> > Hey dan so when I updated all my agents and server to 2.7.1, it kinda > >> > broke > >> > everything.. Im getting duplicate directory errors, the Solaris box is > >> > saying the queue files cannot be read, and that my agents cannot > connect > >> > to > >> > my server (1514). I'm not sure what happened, when I ran the install > >> > script, > >> > I just entered y to update. > >> > > >> > >> Are you getting the queue errors on the server or the agents? > >> Are there any errors in the ossec.log before the queue errors? > >> > >> The duplicate directory errors shouldn't be a big deal, they're closer > >> to warnings than errors (probably duplication between ossec.conf and > >> agent.conf). > >> > >> > On Monday, June 24, 2013 3:07:39 PM UTC-4, dan (ddpbsd) wrote: > >> >> > >> >> On Mon, Jun 24, 2013 at 3:04 PM, David Blanton > >> >> <[email protected]> wrote: > >> >> > One quick thing - do I need to go to 2.7.1 for server and agent? Or > >> >> > just > >> >> > agent? Will there be any issues with a 2.7.1 agent communicating > with > >> >> > a > >> >> > 2.7 > >> >> > server? > >> >> > > >> >> > >> >> It's best if you keep them in sync. When in doubt the server should > be > >> >> higher version than the agent. I haven't personally tried it any > other > >> >> way. > >> >> > >> >> > > >> >> > On Monday, June 24, 2013 12:52:58 PM UTC-4, dan (ddpbsd) wrote: > >> >> >> > >> >> >> On Mon, Jun 24, 2013 at 12:42 PM, David Blanton > >> >> >> <[email protected]> wrote: > >> >> >> > Here is the full message I get during the make. I noticed in an > >> >> >> > older > >> >> >> > thread > >> >> >> > you posted a fix and was wondering if there was any other > concrete > >> >> >> > fixes > >> >> >> > you > >> >> >> > have available. > >> >> >> > > >> >> >> > >> >> >> 2.7.1 is full of fixes, including this one.Some legacy systems > like > >> >> >> Solaris don't have strnlen, so adjustments have to be made. 2.7.1 > >> >> >> should fix this right up. > >> >> >> > >> >> >> > *** Making os_csyslogd *** > >> >> >> > > >> >> >> > gcc -g -Wall -I../ -I../headers > >> >> >> > -DDEFAULTDIR=\"/home/dblanton/ossec\" > >> >> >> > -DCLIENT -DSOLARIS -DHIGHFIRST -DARGV0=\"ossec-csyslogd\" > >> >> >> > -DXML_VAR=\"var\" -DOSSECHIDS -lsocket -lnsl -lresolv *.c > >> >> >> > ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a > >> >> >> > ../os_regex/os_regex.a ../os_xml/os_xml.a -o ossec-csyslogd > >> >> >> > csyslogd.c: In function `field_add_string': > >> >> >> > csyslogd.c:117: warning: implicit declaration of function > >> >> >> > `strnlen' > >> >> >> > Undefined first referenced > >> >> >> > symbol in file > >> >> >> > strnlen /var/tmp//cc9GyBBv.o > >> >> >> > ld: fatal: Symbol referencing errors. No output written to > >> >> >> > ossec-csyslogd > >> >> >> > collect2: ld returned 1 exit status > >> >> >> > *** Error code 1 > >> >> >> > make: Fatal error: Command failed for target `default' > >> >> >> > Current working directory > >> >> >> > /home/dblanton/ossec-install/ossec-hids-2.7/src/os_csyslogd > >> >> >> > > >> >> >> > > >> >> >> > Error Making os_csyslogd > >> >> >> > *** Error code 1 > >> >> >> > The following command caused the error: > >> >> >> > /bin/sh ./Makeall all > >> >> >> > make: Fatal error: Command failed for target `all' > >> >> >> > > >> >> >> > Error 0x5. > >> >> >> > Building error. Unable to finish the installation. > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > On Monday, June 24, 2013 12:21:16 PM UTC-4, dan (ddpbsd) wrote: > >> >> >> >> > >> >> >> >> On Mon, Jun 24, 2013 at 11:59 AM, David Blanton > >> >> >> >> <[email protected]> wrote: > >> >> >> >> > The error I am getting during the installation process: > >> >> >> >> > > >> >> >> >> > Error Making os_csyslogd > >> >> >> >> > *** Error code 1 > >> >> >> >> > The following command caused the error: > >> >> >> >> > /bin/sh ./Makeall all > >> >> >> >> > make: Fatal error: Command failed for target `all' > >> >> >> >> > > >> >> >> >> > Error 0x5. > >> >> >> >> > Building error. Unable to finish the installation. > >> >> >> >> > > >> >> >> >> > >> >> >> >> I have to believe there is an actual error message before this. > >> >> >> >> > >> >> >> >> > > >> >> >> >> > I tried the solution #vi install.sh > >> >> >> >> > > >> >> >> >> > and change the first line of code from #!bin/sh to #!bin/bash > >> >> >> >> > however > >> >> >> >> > it > >> >> >> >> > did > >> >> >> >> > not work. > >> >> >> >> > > >> >> >> >> > I also tried to find that error line by / /Makeall all in vi > >> >> >> >> > however > >> >> >> >> > it > >> >> >> >> > could not find it. Any tips? > >> >> >> >> > > >> >> >> >> > -- > >> >> >> >> > > >> >> >> >> > --- > >> >> >> >> > You received this message because you are subscribed to the > >> >> >> >> > Google > >> >> >> >> > Groups > >> >> >> >> > "ossec-list" group. > >> >> >> >> > To unsubscribe from this group and stop receiving emails from > >> >> >> >> > it, > >> >> >> >> > send > >> >> >> >> > an > >> >> >> >> > email to [email protected]. > >> >> >> >> > For more options, visit > >> >> >> >> > https://groups.google.com/groups/opt_out. > >> >> >> >> > > >> >> >> >> > > >> >> >> > > >> >> >> > -- > >> >> >> > > >> >> >> > --- > >> >> >> > You received this message because you are subscribed to the > Google > >> >> >> > Groups > >> >> >> > "ossec-list" group. > >> >> >> > To unsubscribe from this group and stop receiving emails from > it, > >> >> >> > send > >> >> >> > an > >> >> >> > email to [email protected]. > >> >> >> > For more options, visit > https://groups.google.com/groups/opt_out. > >> >> >> > > >> >> >> > > >> >> > > >> >> > -- > >> >> > > >> >> > --- > >> >> > You received this message because you are subscribed to the Google > >> >> > Groups > >> >> > "ossec-list" group. > >> >> > To unsubscribe from this group and stop receiving emails from it, > >> >> > send > >> >> > an > >> >> > email to [email protected]. > >> >> > For more options, visit https://groups.google.com/groups/opt_out. > >> >> > > >> >> > > >> > > >> > -- > >> > > >> > --- > >> > You received this message because you are subscribed to the Google > >> > Groups > >> > "ossec-list" group. > >> > To unsubscribe from this group and stop receiving emails from it, send > >> > an > >> > email to [email protected]. > >> > For more options, visit https://groups.google.com/groups/opt_out. > >> > > >> > > > > > -- > > > > --- > > You received this message because you are subscribed to the Google Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to [email protected] <javascript:>. > > For more options, visit https://groups.google.com/groups/opt_out. > > > > >
-- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
