Hi Dan, thanks for the pull request. When upgrading to 2.9 I would need to uninstall my current ossec installation or is there a upgrade scenario? would this mean I would lose my current data (e.g alerts, logs, etc...) because if so, I will wait till february to install OSSEC 2.9, after my thesis project was accepted and finalized.
you were right, the two errors were unrelated. I ran out of inodes previously, I coudn't even run a tail of the ossec.log anymore. I had it set to 8192 and then increased it to 16384. The syscheck errors disappeared then... Am Mittwoch, 23. Dezember 2015 13:46:25 UTC+1 schrieb dan (ddpbsd): > > On Wed, Dec 23, 2015 at 7:15 AM, theresa mic-snare > <[email protected] <javascript:>> wrote: > > hi everyone, > > > > I'm receiving multiple errors during rootcheck... I think we discussed > this > > a couple of months ago...and from what I remember it would be fixed in > the > > next release? > > 2015/12/23 12:01:25 ERROR: statfs('/usr/local/apache') produced error: > No > > such file or directory > > 2015/12/23 12:01:25 ERROR: statfs('/usr/local/apache2') produced error: > No > > such file or directory > > 2015/12/23 12:01:25 ERROR: statfs('/usr/local/www') produced error: No > such > > file or directory > > 2015/12/23 12:01:25 ERROR: statfs('/var/htdocs') produced error: No such > > file or directory > > 2015/12/23 12:01:25 ERROR: statfs('/home/httpd') produced error: No such > > file or directory > > 2015/12/23 12:01:25 ERROR: statfs('/usr/local/apache') produced error: > No > > such file or directory > > 2015/12/23 12:01:25 ERROR: statfs('/usr/local/apache2') produced error: > No > > such file or directory > > 2015/12/23 12:01:25 ERROR: statfs('/usr/local/www') produced error: No > such > > file or directory > > > > I'm still using the old stable version 2.8 (no idea which minor version, > > because in ossec-init.conf it only says 2.8) > > Has this been fixed in 2.9 ? > > > > Download the beta and see: > https://bintray.com/ossec/ossec-hids/ossec-hids/2.9.0_beta_20151211/view > But no, I don't think it was. The PR I submitted for this was never > accepted, and it looks like I deleted the branch several months after > submitting it. So here's a new pull request: > https://github.com/ossec/ossec-hids/pull/720 > > > and where do these statfs errors come from anyway? I don't think I have > this > > in the ossec.conf so it must come from a .c file > > > > and I've also got this error recently: > > 2015/12/23 13:09:20 ossec-syscheckd: ERROR: Unable to add directory to > real > > time monitoring: '/var/www/html/dokuwiki/lib/plugins/config/lang/eu'. -1 > 28 > > 2015/12/23 13:09:20 ossec-syscheckd: ERROR: Unable to add directory to > real > > time monitoring: '/var/www/html/dokuwiki/lib/plugins/config/lang/ru'. -1 > 28 > > 2015/12/23 13:09:20 ossec-syscheckd: ERROR: Unable to add directory to > real > > time monitoring: > > '/var/www/html/dokuwiki/lib/plugins/config/lang/ca-valencia'. -1 28 > > 2015/12/23 13:09:22 ossec-syscheckd: ERROR: Unable to add directory to > real > > time monitoring: '/var/www/html/dokuwiki/lib/plugins/config/lang/mr'. -1 > 28 > > 2015/12/23 13:09:22 ossec-syscheckd: ERROR: Unable to add directory to > real > > time monitoring: '/var/www/html/dokuwiki/lib/plugins/config/lang/de'. -1 > 28 > > 2015/12/23 13:09:22 ossec-syscheckd: ERROR: Unable to add directory to > real > > time monitoring: '/var/www/html/dokuwiki/lib/plugins/config/lang/id-ni'. > -1 > > 28 > > 2015/12/23 13:09:22 ossec-syscheckd: ERROR: Unable to add directory to > real > > time monitoring: '/var/www/html/dokuwiki/lib/plugins/config/lang/ja'. -1 > 28 > > 2015/12/23 13:09:22 ossec-syscheckd: ERROR: Unable to add directory to > real > > time monitoring: '/var/www/html/dokuwiki/lib/plugins/config/lang/fr'. -1 > 28 > > 2015/12/23 13:09:22 ossec-syscheckd: ERROR: Unable to add directory to > real > > time monitoring: '/var/www/html/dokuwiki/lib/plugins/config/lang/sl'. -1 > 28 > > 2015/12/23 13:09:22 ossec-syscheckd: ERROR: Unable to add directory to > real > > time monitoring: '/var/www/html/dokuwiki/lib/plugins/config/lang/zh'. -1 > 28 > > > > no idea why this cannot be added to real time monitoring. > > any ideas? > > > > I don't think these issues are related. Have you run out of space? Run > out of inodes? Have some special permission or SELinux policy blocking > the operation? > > > sorry, if this has been asked before! > > > > best, > > theresa > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to [email protected] <javascript:>. > > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
