On Thu, Oct 1, 2015 at 4:34 PM, DefensiveDepth <[email protected]> wrote:
> Built great. (Thanks!)
>
> Installed and running on 2008 R2 right now. Appears to be working correctly.
> Getting a massive number of the following errors in the client log:
>
> =====================
>
> 2015/10/01 16:24:59 ossec-agent: ERROR: Could not mkstemp_ex() temporary
> bookmark (tmp/Microsoft-Windows-Sysmon_Operational-a03592) for
> (Microsoft-Windows-Sysmon/Operational)
>
> 2015/10/01 16:24:59 ossec-agent: ERROR: Could not create temporary file
> (tmp/Microsoft-Windows-Sysmon_Operational-a03592) which returned (3)
>
> 2015/10/01 16:24:59 ossec-agent: ERROR: Could not mkstemp_ex() temporary
> bookmark (tmp/Microsoft-Windows-Sysmon_Operational-a03592) for
> (Microsoft-Windows-Sysmon/Operational)
>
> 2015/10/01 16:24:59 ossec-agent: ERROR: Could not create temporary file
> (tmp/Microsoft-Windows-Sysmon_Operational-a03592) which returned (3)
> ==================
>

I'll try to look at these this weekend to try and figure out if they're a big deal or not.

> Will check in the morning to make sure everything is still working right
>
> -Josh
>
> On Thursday, October 1, 2015 at 9:01:57 AM UTC-4, dan (ddpbsd) wrote:
>>
>> (Hint: I did, but I'll deal with that fallout later :-P)
>>
>> On Oct 1, 2015 8:55 AM, "dan (ddp)" <[email protected]> wrote:
>>>
>>> I've updated the branch again. I managed to compile a binary, but
>>> can't test it at the moment.
>>> I'm running a *nix build or two in the mean time to make sure I didn't
>>> mess anything up there.
>>>
>>> On Thu, Oct 1, 2015 at 5:16 AM, DefensiveDepth <[email protected]>
>>> wrote:
>>> > When in doubt, caffeinate!
>>> >
>>> > Is the mkstemp error possibly related to the version of mingw32 we are
>>> > running?
>>> >
>>> >
>>> > On Wednesday, September 30, 2015 at 10:52:51 PM UTC-4, dan (ddpbsd)
>>> > wrote:
>>> >>
>>> >> On Wed, Sep 30, 2015 at 10:31 PM, dan (ddp) <[email protected]> wrote:
>>> >> > On Wed, Sep 30, 2015 at 8:22 PM, SoulAuctioneer
>>> >> > <[email protected]> wrote:
>>> >> >> Might just need to add this line into error_messages.h in Dan's
>>> >> >> branch:
>>> >> >>
>>> >> >> https://github.com/awiddersheim/ossec-hids/blob/master/src/error_messages/error_messages.h#L44
>>> >> >>
>>> >> >
>>> >> > There's definitely more than that. Adding that line I still get:
>>> >> > /tmp/ccw4cOwc.o:read_win_event_channel.c:(.text+0xcdb): undefined
>>> >> > reference to `mkstemp_ex'
>>> >> > /tmp/ccw4cOwc.o:read_win_event_channel.c:(.text+0xe19): undefined
>>> >> > reference to `rename_ex'
>>> >> > /usr/bin/i686-w64-mingw32-ld: /tmp/ccw4cOwc.o: bad reloc address
>>> >> > 0xd84
>>> >> > in section `.rdata'
>>> >> > collect2: error: ld returned 1 exit status
>>> >> >
>>> >> > Unfortunately, google doesn't help with mkstemp_ex or rename_ex.
>>> >> >
>>> >>
>>> >> Derp, found those. I probably shouldn't have settled for decaf.

--

---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
