I don't think it would hurt to do it. On Fri, Oct 2, 2015 at 2:02 PM, DefensiveDepth <[email protected]> wrote: > Looks like the client is still stable this morning. > > Do you want me to re-build and test the new changes you made, or wait? > > -Josh > > On Friday, October 2, 2015 at 8:45:18 AM UTC-4, dan (ddpbsd) wrote: >> >> I've also made a couple of smaller changes to the branch. It still >> compiles for win32 and now compiles for *nix as well. >> I still need to make sure the hybrid fix is in, and do some more >> testing. After that it's document the changes and submit them. I still >> have to figure out the whole git tagging thing, to make sure I don't >> clobber anything important. >> >> On Fri, Oct 2, 2015 at 7:29 AM, dan (ddp) <[email protected]> wrote: >> > On Thu, Oct 1, 2015 at 4:34 PM, DefensiveDepth <[email protected]> >> > wrote: >> >> Built great. (Thanks!) >> >> >> >> Installed and running on 2008 R2 right now. Appears to be working >> >> correctly. >> >> Getting a massive number of the following errors in the client log: >> >> >> >> ===================== >> >> >> >> 2015/10/01 16:24:59 ossec-agent: ERROR: Could not mkstemp_ex() >> >> temporary >> >> bookmark (tmp/Microsoft-Windows-Sysmon_Operational-a03592) for >> >> (Microsoft-Windows-Sysmon/Operational) >> >> >> >> 2015/10/01 16:24:59 ossec-agent: ERROR: Could not create temporary file >> >> (tmp/Microsoft-Windows-Sysmon_Operational-a03592) which returned (3) >> >> >> >> 2015/10/01 16:24:59 ossec-agent: ERROR: Could not mkstemp_ex() >> >> temporary >> >> bookmark (tmp/Microsoft-Windows-Sysmon_Operational-a03592) for >> >> (Microsoft-Windows-Sysmon/Operational) >> >> >> >> 2015/10/01 16:24:59 ossec-agent: ERROR: Could not create temporary file >> >> (tmp/Microsoft-Windows-Sysmon_Operational-a03592) which returned (3) >> >> ================== >> >> >> > >> > I'll try to look at these this weekend to try and figure out if >> > they're a big deal or not. >> > >> >> Will check in the morning to make sure everything is still working >> >> right >> >> >> >> -Josh >> >> >> >> On Thursday, October 1, 2015 at 9:01:57 AM UTC-4, dan (ddpbsd) wrote: >> >>> >> >>> (Hint: I did, but I'll deal with that fallout later :-P) >> >>> >> >>> On Oct 1, 2015 8:55 AM, "dan (ddp)" <[email protected]> wrote: >> >>>> >> >>>> I've updated the branch again. I managed to compile a binary, but >> >>>> can't test it at the moment. >> >>>> I'm running a *nix build or two in the mean time to make sure I >> >>>> didn't >> >>>> mess anything up there. >> >>>> >> >>>> On Thu, Oct 1, 2015 at 5:16 AM, DefensiveDepth <[email protected]> >> >>>> wrote: >> >>>> > When in doubt, caffeinate! >> >>>> > >> >>>> > Is the mkstemp error possibly related to the version of mingw32 we >> >>>> > are >> >>>> > running? >> >>>> > >> >>>> > >> >>>> > On Wednesday, September 30, 2015 at 10:52:51 PM UTC-4, dan (ddpbsd) >> >>>> > wrote: >> >>>> >> >> >>>> >> On Wed, Sep 30, 2015 at 10:31 PM, dan (ddp) <[email protected]> >> >>>> >> wrote: >> >>>> >> > On Wed, Sep 30, 2015 at 8:22 PM, SoulAuctioneer >> >>>> >> > <[email protected]> wrote: >> >>>> >> >> Might just need to add this line into error_messages.h in Dan's >> >>>> >> >> branch: >> >>>> >> >> >> >>>> >> >> >> >>>> >> >> >> >>>> >> >> >> >>>> >> >> https://github.com/awiddersheim/ossec-hids/blob/master/src/error_messages/error_messages.h#L44 >> >>>> >> >> >> >>>> >> > >> >>>> >> > There's definitely more than that. Adding that line I still get: >> >>>> >> > /tmp/ccw4cOwc.o:read_win_event_channel.c:(.text+0xcdb): >> >>>> >> > undefined >> >>>> >> > reference to `mkstemp_ex' >> >>>> >> > /tmp/ccw4cOwc.o:read_win_event_channel.c:(.text+0xe19): >> >>>> >> > undefined >> >>>> >> > reference to `rename_ex' >> >>>> >> > /usr/bin/i686-w64-mingw32-ld: /tmp/ccw4cOwc.o: bad reloc address >> >>>> >> > 0xd84 >> >>>> >> > in section `.rdata' >> >>>> >> > collect2: error: ld returned 1 exit status >> >>>> >> > >> >>>> >> > Unfortunately, google doesn't help with mkstemp_ex or rename_ex. >> >>>> >> > >> >>>> >> >> >>>> >> Derp, found those. I probably shouldn't have settled for decaf. >> >>>> >> >> >>>> >> > >> >>>> >> >> -- >> >>>> >> >> >> >>>> >> >> --- >> >>>> >> >> You received this message because you are subscribed to the >> >>>> >> >> Google >> >>>> >> >> Groups >> >>>> >> >> "ossec-list" group. >> >>>> >> >> To unsubscribe from this group and stop receiving emails from >> >>>> >> >> it, >> >>>> >> >> send >> >>>> >> >> an >> >>>> >> >> email to [email protected]. >> >>>> >> >> For more options, visit https://groups.google.com/d/optout. >> >>>> > >> >>>> > -- >> >>>> > >> >>>> > --- >> >>>> > You received this message because you are subscribed to the Google >> >>>> > Groups >> >>>> > "ossec-list" group. >> >>>> > To unsubscribe from this group and stop receiving emails from it, >> >>>> > send >> >>>> > an >> >>>> > email to [email protected]. >> >>>> > For more options, visit https://groups.google.com/d/optout. >> >> >> >> -- >> >> >> >> --- >> >> You received this message because you are subscribed to the Google >> >> Groups >> >> "ossec-list" group. >> >> To unsubscribe from this group and stop receiving emails from it, send >> >> an >> >> email to [email protected]. >> >> For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout.
-- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
