On Fri, Sep 30, 2016 at 11:07 AM, R0me0 *** <knight....@gmail.com> wrote: > Taking a better look within Makeall file the flag to compile is: cho > "EEXTRA=-DUSEINOTIFY" >> Config.OS > > tmp/ossec-hids-2.8.3/src/syscheckd/run_realtime.c:172: undefined reference > to `inotify_add_watch' > collect2: ld returned 1 exit status > *** Error 1 in syscheckd (Makefile:15 'syscheck') >
I'm using MASTER from github, but here are the changes I made to get it to compile: https://github.com/ddpbsd/ossec-hids/commits/openbsd_inotify > > > 2016-09-30 11:46 GMT-03:00 dan (ddp) <ddp...@gmail.com>: >> >> On Fri, Sep 30, 2016 at 9:49 AM, R0me0 *** <knight....@gmail.com> wrote: >> > @dann I already set CFLAGS including include directory of inotify.h >> > without >> > success >> > >> >> I've gotten it to compile and not give me errors, but I also don't see >> any realtime alerts. >> I'll have to find a simple inotify testing program or something to see >> if it even works. >> >> > @Victor without success >> > >> > :( >> > >> > I'll keep researching >> > >> > Thank you guys >> > >> > >> > 2016-09-30 8:12 GMT-03:00 Victor Fernandez <vic...@wazuh.com>: >> >> >> >> Hello, >> >> >> >> I've never done this on OpenBSD, but try to force the inotify support >> >> with >> >> Make: >> >> >> >> cd src >> >> make TARGET=agent USE_INOTIFY=yes >> >> >> >> Hope it helps. >> >> Regards. >> >> >> >> >> >> On Friday, September 30, 2016 at 12:38:30 AM UTC+2, dan (ddpbsd) wrote: >> >>> >> >>> On Sep 29, 2016 4:10 PM, "R0me0 ***" <knigh...@gmail.com> wrote: >> >>> > >> >>> > Hello guys. >> >>> > >> >>> > I'm trying to use real monitoring. >> >>> > >> >>> > I have installed inotify-tools from OpenBSD packages >> >>> > >> >>> > Initially I guess something related with run_realtime.c and I point >> >>> > inotify.h path. >> >>> > >> >>> > But I still without be able to use Real monitoring with the follow >> >>> > error in ossec.conf >> >>> > >> >>> > ( OpenBSD - OSSEC AGENT ) >> >>> > >> >>> > ossec-syscheckd: WARN: Ignoring flag for real time monitoring on >> >>> > directory: '/etc/pf'. >> >>> > >> >>> > Anyone has this setup working ? Any directions will be really >> >>> > appreciated >> >>> > >> >>> > Thanks in advance, >> >>> > >> >>> >> >>> I spent some time messing with it awhile back, but never got it >> >>> working. >> >>> There are some Makefile changes you have to make, as well as possible >> >>> src >> >>> changes. >> >>> >> >>> > >> >>> > >> >>> > >> >>> > -- >> >>> > >> >>> > --- >> >>> > You received this message because you are subscribed to the Google >> >>> > Groups "ossec-list" group. >> >>> > To unsubscribe from this group and stop receiving emails from it, >> >>> > send >> >>> > an email to ossec-list+...@googlegroups.com. >> >>> > For more options, visit https://groups.google.com/d/optout. >> >> >> >> -- >> >> >> >> --- >> >> You received this message because you are subscribed to the Google >> >> Groups >> >> "ossec-list" group. >> >> To unsubscribe from this group and stop receiving emails from it, send >> >> an >> >> email to ossec-list+unsubscr...@googlegroups.com. >> >> For more options, visit https://groups.google.com/d/optout. >> > >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> > Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an >> > email to ossec-list+unsubscr...@googlegroups.com. >> > For more options, visit https://groups.google.com/d/optout. >> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to ossec-list+unsubscr...@googlegroups.com. >> For more options, visit https://groups.google.com/d/optout. > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
