Dan I haved cloned openbsd_inotify
and isnt compile
+ -I/usr/local/include/inotify
ifeq (${uname_S},OpenBSD)
# DEFINES+=-DOpenBSD
DEFINES+=-pthread
LUA_PLAT=posix
CFLAGS+=-I/usr/local/include -I/usr/local/include/inotify
OSSEC_LDFLAGS+=-L/usr/local/lib
shared.a(validate_op.o): In function `OS_IsValidIP':
validate_op.c:(.text+0xa9b): warning: warning: strcpy() is almost always
misused, please use strlcpy()
shared.a(hash_op.o): In function `OSHash_setSize':
hash_op.c:(.text+0x366): warning: warning: random() may return
deterministic values, is that what you want?
syscheckd/run_realtime.o: In function `realtime_start':
run_realtime.c:(.text+0x5e): undefined reference to `inotify_init'
syscheckd/run_realtime.o: In function `realtime_adddir':
run_realtime.c:(.text+0x131): undefined reference to `inotify_add_watch'
collect2: ld returned 1 exit status
gmake: *** [Makefile:975: ossec-syscheckd] Error 1
Error 0x5.
Building error. Unable to finish the installation.
same error from OSSEC 2.9 RC3
>From OpenBSD 6.0 AMD64 Pkg's -> /var/db/pkg/libinotify-20160503
2016-09-30 15:52 GMT-03:00 R0me0 *** <knight....@gmail.com>:
> I am using 2.8.3 version and is a little bit different. Anyway I have made
> all changes in sources files without success.
>
> Another very interesting point is:
>
> report_changes=yes
>
> isnt reporting the diff's just sum changes.
>
> Thank you guys ! really really appreciated your help !
>
> :)
>
>
>
>
>
>
>
>
>
> 2016-09-30 13:13 GMT-03:00 dan (ddp) <ddp...@gmail.com>:
>
>> On Fri, Sep 30, 2016 at 11:07 AM, R0me0 *** <knight....@gmail.com> wrote:
>> > Taking a better look within Makeall file the flag to compile is: cho
>> > "EEXTRA=-DUSEINOTIFY" >> Config.OS
>> >
>> > tmp/ossec-hids-2.8.3/src/syscheckd/run_realtime.c:172: undefined
>> reference
>> > to `inotify_add_watch'
>> > collect2: ld returned 1 exit status
>> > *** Error 1 in syscheckd (Makefile:15 'syscheck')
>> >
>>
>> I'm using MASTER from github, but here are the changes I made to get
>> it to compile:
>> https://github.com/ddpbsd/ossec-hids/commits/openbsd_inotify
>>
>>
>> >
>> >
>> > 2016-09-30 11:46 GMT-03:00 dan (ddp) <ddp...@gmail.com>:
>> >>
>> >> On Fri, Sep 30, 2016 at 9:49 AM, R0me0 *** <knight....@gmail.com>
>> wrote:
>> >> > @dann I already set CFLAGS including include directory of inotify.h
>> >> > without
>> >> > success
>> >> >
>> >>
>> >> I've gotten it to compile and not give me errors, but I also don't see
>> >> any realtime alerts.
>> >> I'll have to find a simple inotify testing program or something to see
>> >> if it even works.
>> >>
>> >> > @Victor without success
>> >> >
>> >> > :(
>> >> >
>> >> > I'll keep researching
>> >> >
>> >> > Thank you guys
>> >> >
>> >> >
>> >> > 2016-09-30 8:12 GMT-03:00 Victor Fernandez <vic...@wazuh.com>:
>> >> >>
>> >> >> Hello,
>> >> >>
>> >> >> I've never done this on OpenBSD, but try to force the inotify
>> support
>> >> >> with
>> >> >> Make:
>> >> >>
>> >> >> cd src
>> >> >> make TARGET=agent USE_INOTIFY=yes
>> >> >>
>> >> >> Hope it helps.
>> >> >> Regards.
>> >> >>
>> >> >>
>> >> >> On Friday, September 30, 2016 at 12:38:30 AM UTC+2, dan (ddpbsd)
>> wrote:
>> >> >>>
>> >> >>> On Sep 29, 2016 4:10 PM, "R0me0 ***" <knigh...@gmail.com> wrote:
>> >> >>> >
>> >> >>> > Hello guys.
>> >> >>> >
>> >> >>> > I'm trying to use real monitoring.
>> >> >>> >
>> >> >>> > I have installed inotify-tools from OpenBSD packages
>> >> >>> >
>> >> >>> > Initially I guess something related with run_realtime.c and I
>> point
>> >> >>> > inotify.h path.
>> >> >>> >
>> >> >>> > But I still without be able to use Real monitoring with the
>> follow
>> >> >>> > error in ossec.conf
>> >> >>> >
>> >> >>> > ( OpenBSD - OSSEC AGENT )
>> >> >>> >
>> >> >>> > ossec-syscheckd: WARN: Ignoring flag for real time monitoring on
>> >> >>> > directory: '/etc/pf'.
>> >> >>> >
>> >> >>> > Anyone has this setup working ? Any directions will be really
>> >> >>> > appreciated
>> >> >>> >
>> >> >>> > Thanks in advance,
>> >> >>> >
>> >> >>>
>> >> >>> I spent some time messing with it awhile back, but never got it
>> >> >>> working.
>> >> >>> There are some Makefile changes you have to make, as well as
>> possible
>> >> >>> src
>> >> >>> changes.
>> >> >>>
>> >> >>> >
>> >> >>> >
>> >> >>> >
>> >> >>> > --
>> >> >>> >
>> >> >>> > ---
>> >> >>> > You received this message because you are subscribed to the
>> Google
>> >> >>> > Groups "ossec-list" group.
>> >> >>> > To unsubscribe from this group and stop receiving emails from it,
>> >> >>> > send
>> >> >>> > an email to ossec-list+...@googlegroups.com.
>> >> >>> > For more options, visit https://groups.google.com/d/optout.
>> >> >>
>> >> >> --
>> >> >>
>> >> >> ---
>> >> >> You received this message because you are subscribed to the Google
>> >> >> Groups
>> >> >> "ossec-list" group.
>> >> >> To unsubscribe from this group and stop receiving emails from it,
>> send
>> >> >> an
>> >> >> email to ossec-list+unsubscr...@googlegroups.com.
>> >> >> For more options, visit https://groups.google.com/d/optout.
>> >> >
>> >> >
>> >> > --
>> >> >
>> >> > ---
>> >> > You received this message because you are subscribed to the Google
>> >> > Groups
>> >> > "ossec-list" group.
>> >> > To unsubscribe from this group and stop receiving emails from it,
>> send
>> >> > an
>> >> > email to ossec-list+unsubscr...@googlegroups.com.
>> >> > For more options, visit https://groups.google.com/d/optout.
>> >>
>> >> --
>> >>
>> >> ---
>> >> You received this message because you are subscribed to the Google
>> Groups
>> >> "ossec-list" group.
>> >> To unsubscribe from this group and stop receiving emails from it, send
>> an
>> >> email to ossec-list+unsubscr...@googlegroups.com.
>> >> For more options, visit https://groups.google.com/d/optout.
>> >
>> >
>> > --
>> >
>> > ---
>> > You received this message because you are subscribed to the Google
>> Groups
>> > "ossec-list" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> an
>> > email to ossec-list+unsubscr...@googlegroups.com.
>> > For more options, visit https://groups.google.com/d/optout.
>>
>> --
>>
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ossec-list+unsubscr...@googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
