I've also made a couple of smaller changes to the branch. It still compiles for win32 and now compiles for *nix as well. I still need to make sure the hybrid fix is in, and do some more testing. After that it's document the changes and submit them. I still have to figure out the whole git tagging thing, to make sure I don't clobber anything important.
On Fri, Oct 2, 2015 at 7:29 AM, dan (ddp) <[email protected]> wrote: > On Thu, Oct 1, 2015 at 4:34 PM, DefensiveDepth <[email protected]> wrote: >> Built great. (Thanks!) >> >> Installed and running on 2008 R2 right now. Appears to be working correctly. >> Getting a massive number of the following errors in the client log: >> >> ===================== >> >> 2015/10/01 16:24:59 ossec-agent: ERROR: Could not mkstemp_ex() temporary >> bookmark (tmp/Microsoft-Windows-Sysmon_Operational-a03592) for >> (Microsoft-Windows-Sysmon/Operational) >> >> 2015/10/01 16:24:59 ossec-agent: ERROR: Could not create temporary file >> (tmp/Microsoft-Windows-Sysmon_Operational-a03592) which returned (3) >> >> 2015/10/01 16:24:59 ossec-agent: ERROR: Could not mkstemp_ex() temporary >> bookmark (tmp/Microsoft-Windows-Sysmon_Operational-a03592) for >> (Microsoft-Windows-Sysmon/Operational) >> >> 2015/10/01 16:24:59 ossec-agent: ERROR: Could not create temporary file >> (tmp/Microsoft-Windows-Sysmon_Operational-a03592) which returned (3) >> ================== >> > > I'll try to look at these this weekend to try and figure out if > they're a big deal or not. > >> Will check in the morning to make sure everything is still working right >> >> -Josh >> >> On Thursday, October 1, 2015 at 9:01:57 AM UTC-4, dan (ddpbsd) wrote: >>> >>> (Hint: I did, but I'll deal with that fallout later :-P) >>> >>> On Oct 1, 2015 8:55 AM, "dan (ddp)" <[email protected]> wrote: >>>> >>>> I've updated the branch again. I managed to compile a binary, but >>>> can't test it at the moment. >>>> I'm running a *nix build or two in the mean time to make sure I didn't >>>> mess anything up there. >>>> >>>> On Thu, Oct 1, 2015 at 5:16 AM, DefensiveDepth <[email protected]> >>>> wrote: >>>> > When in doubt, caffeinate! >>>> > >>>> > Is the mkstemp error possibly related to the version of mingw32 we are >>>> > running? >>>> > >>>> > >>>> > On Wednesday, September 30, 2015 at 10:52:51 PM UTC-4, dan (ddpbsd) >>>> > wrote: >>>> >> >>>> >> On Wed, Sep 30, 2015 at 10:31 PM, dan (ddp) <[email protected]> wrote: >>>> >> > On Wed, Sep 30, 2015 at 8:22 PM, SoulAuctioneer >>>> >> > <[email protected]> wrote: >>>> >> >> Might just need to add this line into error_messages.h in Dan's >>>> >> >> branch: >>>> >> >> >>>> >> >> >>>> >> >> >>>> >> >> https://github.com/awiddersheim/ossec-hids/blob/master/src/error_messages/error_messages.h#L44 >>>> >> >> >>>> >> > >>>> >> > There's definitely more than that. Adding that line I still get: >>>> >> > /tmp/ccw4cOwc.o:read_win_event_channel.c:(.text+0xcdb): undefined >>>> >> > reference to `mkstemp_ex' >>>> >> > /tmp/ccw4cOwc.o:read_win_event_channel.c:(.text+0xe19): undefined >>>> >> > reference to `rename_ex' >>>> >> > /usr/bin/i686-w64-mingw32-ld: /tmp/ccw4cOwc.o: bad reloc address >>>> >> > 0xd84 >>>> >> > in section `.rdata' >>>> >> > collect2: error: ld returned 1 exit status >>>> >> > >>>> >> > Unfortunately, google doesn't help with mkstemp_ex or rename_ex. >>>> >> > >>>> >> >>>> >> Derp, found those. I probably shouldn't have settled for decaf. >>>> >> >>>> >> > >>>> >> >> -- >>>> >> >> >>>> >> >> --- >>>> >> >> You received this message because you are subscribed to the Google >>>> >> >> Groups >>>> >> >> "ossec-list" group. >>>> >> >> To unsubscribe from this group and stop receiving emails from it, >>>> >> >> send >>>> >> >> an >>>> >> >> email to [email protected]. >>>> >> >> For more options, visit https://groups.google.com/d/optout. >>>> > >>>> > -- >>>> > >>>> > --- >>>> > You received this message because you are subscribed to the Google >>>> > Groups >>>> > "ossec-list" group. >>>> > To unsubscribe from this group and stop receiving emails from it, send >>>> > an >>>> > email to [email protected]. >>>> > For more options, visit https://groups.google.com/d/optout. >> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
