I am using 2.8.3 version and is a little bit different. Anyway I have made all changes in sources files without success.
Another very interesting point is: report_changes=yes isnt reporting the diff's just sum changes. Thank you guys ! really really appreciated your help ! :) 2016-09-30 13:13 GMT-03:00 dan (ddp) <ddp...@gmail.com>: > On Fri, Sep 30, 2016 at 11:07 AM, R0me0 *** <knight....@gmail.com> wrote: > > Taking a better look within Makeall file the flag to compile is: cho > > "EEXTRA=-DUSEINOTIFY" >> Config.OS > > > > tmp/ossec-hids-2.8.3/src/syscheckd/run_realtime.c:172: undefined > reference > > to `inotify_add_watch' > > collect2: ld returned 1 exit status > > *** Error 1 in syscheckd (Makefile:15 'syscheck') > > > > I'm using MASTER from github, but here are the changes I made to get > it to compile: > https://github.com/ddpbsd/ossec-hids/commits/openbsd_inotify > > > > > > > > 2016-09-30 11:46 GMT-03:00 dan (ddp) <ddp...@gmail.com>: > >> > >> On Fri, Sep 30, 2016 at 9:49 AM, R0me0 *** <knight....@gmail.com> > wrote: > >> > @dann I already set CFLAGS including include directory of inotify.h > >> > without > >> > success > >> > > >> > >> I've gotten it to compile and not give me errors, but I also don't see > >> any realtime alerts. > >> I'll have to find a simple inotify testing program or something to see > >> if it even works. > >> > >> > @Victor without success > >> > > >> > :( > >> > > >> > I'll keep researching > >> > > >> > Thank you guys > >> > > >> > > >> > 2016-09-30 8:12 GMT-03:00 Victor Fernandez <vic...@wazuh.com>: > >> >> > >> >> Hello, > >> >> > >> >> I've never done this on OpenBSD, but try to force the inotify support > >> >> with > >> >> Make: > >> >> > >> >> cd src > >> >> make TARGET=agent USE_INOTIFY=yes > >> >> > >> >> Hope it helps. > >> >> Regards. > >> >> > >> >> > >> >> On Friday, September 30, 2016 at 12:38:30 AM UTC+2, dan (ddpbsd) > wrote: > >> >>> > >> >>> On Sep 29, 2016 4:10 PM, "R0me0 ***" <knigh...@gmail.com> wrote: > >> >>> > > >> >>> > Hello guys. > >> >>> > > >> >>> > I'm trying to use real monitoring. > >> >>> > > >> >>> > I have installed inotify-tools from OpenBSD packages > >> >>> > > >> >>> > Initially I guess something related with run_realtime.c and I > point > >> >>> > inotify.h path. > >> >>> > > >> >>> > But I still without be able to use Real monitoring with the follow > >> >>> > error in ossec.conf > >> >>> > > >> >>> > ( OpenBSD - OSSEC AGENT ) > >> >>> > > >> >>> > ossec-syscheckd: WARN: Ignoring flag for real time monitoring on > >> >>> > directory: '/etc/pf'. > >> >>> > > >> >>> > Anyone has this setup working ? Any directions will be really > >> >>> > appreciated > >> >>> > > >> >>> > Thanks in advance, > >> >>> > > >> >>> > >> >>> I spent some time messing with it awhile back, but never got it > >> >>> working. > >> >>> There are some Makefile changes you have to make, as well as > possible > >> >>> src > >> >>> changes. > >> >>> > >> >>> > > >> >>> > > >> >>> > > >> >>> > -- > >> >>> > > >> >>> > --- > >> >>> > You received this message because you are subscribed to the Google > >> >>> > Groups "ossec-list" group. > >> >>> > To unsubscribe from this group and stop receiving emails from it, > >> >>> > send > >> >>> > an email to ossec-list+...@googlegroups.com. > >> >>> > For more options, visit https://groups.google.com/d/optout. > >> >> > >> >> -- > >> >> > >> >> --- > >> >> You received this message because you are subscribed to the Google > >> >> Groups > >> >> "ossec-list" group. > >> >> To unsubscribe from this group and stop receiving emails from it, > send > >> >> an > >> >> email to ossec-list+unsubscr...@googlegroups.com. > >> >> For more options, visit https://groups.google.com/d/optout. > >> > > >> > > >> > -- > >> > > >> > --- > >> > You received this message because you are subscribed to the Google > >> > Groups > >> > "ossec-list" group. > >> > To unsubscribe from this group and stop receiving emails from it, send > >> > an > >> > email to ossec-list+unsubscr...@googlegroups.com. > >> > For more options, visit https://groups.google.com/d/optout. > >> > >> -- > >> > >> --- > >> You received this message because you are subscribed to the Google > Groups > >> "ossec-list" group. > >> To unsubscribe from this group and stop receiving emails from it, send > an > >> email to ossec-list+unsubscr...@googlegroups.com. > >> For more options, visit https://groups.google.com/d/optout. > > > > > > -- > > > > --- > > You received this message because you are subscribed to the Google Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to ossec-list+unsubscr...@googlegroups.com. > > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
