On Wed, Dec 23, 2015 at 8:21 AM, theresa mic-snare <[email protected]> wrote: > Hi Dan, > > thanks for the pull request. > When upgrading to 2.9 I would need to uninstall my current ossec > installation or is there a upgrade scenario? > would this mean I would lose my current data (e.g alerts, logs, etc...) > because if so, I will wait till february to install OSSEC 2.9, after my > thesis project was accepted and finalized. >
I understand waiting (and I wouldn't blame you at all), but there is an upgrade option. > you were right, the two errors were unrelated. > I ran out of inodes previously, I coudn't even run a tail of the ossec.log > anymore. I had it set to 8192 and then increased it to 16384. > The syscheck errors disappeared then... > > Am Mittwoch, 23. Dezember 2015 13:46:25 UTC+1 schrieb dan (ddpbsd): >> >> On Wed, Dec 23, 2015 at 7:15 AM, theresa mic-snare >> <[email protected]> wrote: >> > hi everyone, >> > >> > I'm receiving multiple errors during rootcheck... I think we discussed >> > this >> > a couple of months ago...and from what I remember it would be fixed in >> > the >> > next release? >> > 2015/12/23 12:01:25 ERROR: statfs('/usr/local/apache') produced error: >> > No >> > such file or directory >> > 2015/12/23 12:01:25 ERROR: statfs('/usr/local/apache2') produced error: >> > No >> > such file or directory >> > 2015/12/23 12:01:25 ERROR: statfs('/usr/local/www') produced error: No >> > such >> > file or directory >> > 2015/12/23 12:01:25 ERROR: statfs('/var/htdocs') produced error: No such >> > file or directory >> > 2015/12/23 12:01:25 ERROR: statfs('/home/httpd') produced error: No such >> > file or directory >> > 2015/12/23 12:01:25 ERROR: statfs('/usr/local/apache') produced error: >> > No >> > such file or directory >> > 2015/12/23 12:01:25 ERROR: statfs('/usr/local/apache2') produced error: >> > No >> > such file or directory >> > 2015/12/23 12:01:25 ERROR: statfs('/usr/local/www') produced error: No >> > such >> > file or directory >> > >> > I'm still using the old stable version 2.8 (no idea which minor version, >> > because in ossec-init.conf it only says 2.8) >> > Has this been fixed in 2.9 ? >> > >> >> Download the beta and see: >> https://bintray.com/ossec/ossec-hids/ossec-hids/2.9.0_beta_20151211/view >> But no, I don't think it was. The PR I submitted for this was never >> accepted, and it looks like I deleted the branch several months after >> submitting it. So here's a new pull request: >> https://github.com/ossec/ossec-hids/pull/720 >> >> > and where do these statfs errors come from anyway? I don't think I have >> > this >> > in the ossec.conf so it must come from a .c file >> > >> > and I've also got this error recently: >> > 2015/12/23 13:09:20 ossec-syscheckd: ERROR: Unable to add directory to >> > real >> > time monitoring: '/var/www/html/dokuwiki/lib/plugins/config/lang/eu'. -1 >> > 28 >> > 2015/12/23 13:09:20 ossec-syscheckd: ERROR: Unable to add directory to >> > real >> > time monitoring: '/var/www/html/dokuwiki/lib/plugins/config/lang/ru'. -1 >> > 28 >> > 2015/12/23 13:09:20 ossec-syscheckd: ERROR: Unable to add directory to >> > real >> > time monitoring: >> > '/var/www/html/dokuwiki/lib/plugins/config/lang/ca-valencia'. -1 28 >> > 2015/12/23 13:09:22 ossec-syscheckd: ERROR: Unable to add directory to >> > real >> > time monitoring: '/var/www/html/dokuwiki/lib/plugins/config/lang/mr'. -1 >> > 28 >> > 2015/12/23 13:09:22 ossec-syscheckd: ERROR: Unable to add directory to >> > real >> > time monitoring: '/var/www/html/dokuwiki/lib/plugins/config/lang/de'. -1 >> > 28 >> > 2015/12/23 13:09:22 ossec-syscheckd: ERROR: Unable to add directory to >> > real >> > time monitoring: '/var/www/html/dokuwiki/lib/plugins/config/lang/id-ni'. >> > -1 >> > 28 >> > 2015/12/23 13:09:22 ossec-syscheckd: ERROR: Unable to add directory to >> > real >> > time monitoring: '/var/www/html/dokuwiki/lib/plugins/config/lang/ja'. -1 >> > 28 >> > 2015/12/23 13:09:22 ossec-syscheckd: ERROR: Unable to add directory to >> > real >> > time monitoring: '/var/www/html/dokuwiki/lib/plugins/config/lang/fr'. -1 >> > 28 >> > 2015/12/23 13:09:22 ossec-syscheckd: ERROR: Unable to add directory to >> > real >> > time monitoring: '/var/www/html/dokuwiki/lib/plugins/config/lang/sl'. -1 >> > 28 >> > 2015/12/23 13:09:22 ossec-syscheckd: ERROR: Unable to add directory to >> > real >> > time monitoring: '/var/www/html/dokuwiki/lib/plugins/config/lang/zh'. -1 >> > 28 >> > >> > no idea why this cannot be added to real time monitoring. >> > any ideas? >> > >> >> I don't think these issues are related. Have you run out of space? Run >> out of inodes? Have some special permission or SELinux policy blocking >> the operation? >> >> > sorry, if this has been asked before! >> > >> > best, >> > theresa >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> > Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an >> > email to [email protected]. >> > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
