Hello Jeremy,
2014-03-09 22:58 GMT-04:00 Jeremy Rossi <[email protected]>: > >> It's a work in progress. People interested can check it here >> https://trac.macports.org/ticket/42533 >> I included some config/rules for a local install on a client computer but >> they still need more reviews. And if others want to share more rules, >> please do! >> > > This is also wonderful. Some of the decoders might be useful to a > larger group. Would you be willing to to send them upstream? Clearly, that's the point of sharing. Still, if some more people could test them as for now, I just have one setup. > Main annoying points w ossec are > * random compiling errors like ranlib size too large. just start again > command. > Do you have the output? Of this I have never seen thing before. >>> make[2]: Entering directory `/Users/touche/.macports/opt/local/var/macports/build/_Volumes_Data_myports_security_ossec/ossec/work/ossec-hids-2.7.1/src/analysisd/cdb' /opt/local/bin/gcc-mp-4.9 -I../ -g -Wall -I../../ -I../../headers -I/opt/local/include -DDEFAULTDIR=\"/opt/local/var/ossec\" -DLOCAL -DUSE_OPENSSL -DDarwin -DHIGHFIRST -DARGV0=\"cdb\" -DXML_VAR=\"var\" -DOSSECHIDS -c cdb.c cdb_hash.c cdb_make.c uint32_pack.c uint32_unpack.c make[2]: Entering directory `/Users/touche/.macports/opt/local/var/macports/build/_Volumes_Data_myports_security_ossec/ossec/work/ossec-hids-2.7.1/src/analysisd/cdb' /opt/local/bin/gcc-mp-4.9 -I../ -g -Wall -I../../ -I../../headers -I/opt/local/include -DDEFAULTDIR=\"/opt/local/var/ossec\" -DLOCAL -DUSE_OPENSSL -DDarwin -DHIGHFIRST -DARGV0=\"cdb\" -DXML_VAR=\"var\" -DOSSECHIDS -c cdb.c cdb_hash.c cdb_make.c uint32_pack.c uint32_unpack.c ar cru cdb.a cdb.o cdb_hash.o cdb_make.o uint32_pack.o uint32_unpack.o ar cru cdb.a cdb.o cdb_hash.o cdb_make.o uint32_pack.o uint32_unpack.o ar cru cdb_make.a cdb.o cdb_hash.o cdb_make.o uint32_pack.o uint32_unpack.o ranlib cdb.a ar cru cdb_make.a cdb.o cdb_hash.o cdb_make.o uint32_pack.o uint32_unpack.o ranlib cdb_make.a /opt/local/bin/ranlib: archive member: cdb_make.a(cdb.o) size too large (archive member extends past the end of the file) ar: internal ranlib command failed make[2]: Leaving directory `/Users/touche/.macports/opt/local/var/macports/build/_Volumes_Data_myports_security_ossec/ossec/work/ossec-hids-2.7.1/src/analysisd/cdb' <<< The problem seems not fixed to ossec. I have seen on other software, macports or not and I'm on x86_64 arch. Some say, just start again make, some split the archive but found nothing satisfying for now. https://bugreports.qt-project.org/browse/QTBUG-20619 https://code.google.com/p/ios-toolchain-based-on-clang-for-linux/issues/detail?id=6 > > * the missing part of at least one executable: no "phase 2" in >> ossec-logtest which also seems to be random. >> > > random anything is not good and is something I would like to know more > about. If you get some tests of this happening or if you have system > where you can run logtest 1000 times and get 1 random error I would love > to know as we can work together to get a tester built to see what is > going one. > I fully agree. I don't have any automated test frameworkg. Just, I made the port installed, at the right prefix, I started to check rules and refined and when discussing them on the list with dan last week, it seems there was a missing part. And the missing part was in the executable... I really can't understand how this happening. Following that, I rebuilt and got the 3 phases, did another time and miss one... Here, also, it will be useful to get feedback of other people/configurations. I will try in coming days to make a pseudo tester, basically do loop build check strings of ossec-logtest and see if there any differences in build log Cheers, Julien -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
