On Sep 30, 2016 3:44 PM, "R0me0 ***" <knight....@gmail.com> wrote:
>
> Dan I have cloned openbsd_inotify
>
> and it doesn't compile
>
> + -I/usr/local/include/inotify
>
> ifeq (${uname_S},OpenBSD)
> # DEFINES+=-DOpenBSD
> DEFINES+=-pthread
> LUA_PLAT=posix
> CFLAGS+=-I/usr/local/include -I/usr/local/include/inotify
> OSSEC_LDFLAGS+=-L/usr/local/lib
>
> shared.a(validate_op.o): In function `OS_IsValidIP':
> validate_op.c:(.text+0xa9b): warning: warning: strcpy() is almost always misused, please use strlcpy()
> shared.a(hash_op.o): In function `OSHash_setSize':
> hash_op.c:(.text+0x366): warning: warning: random() may return deterministic values, is that what you want?
> syscheckd/run_realtime.o: In function `realtime_start':
> run_realtime.c:(.text+0x5e): undefined reference to `inotify_init'
> syscheckd/run_realtime.o: In function `realtime_adddir':
> run_realtime.c:(.text+0x131): undefined reference to `inotify_add_watch'
> collect2: ld returned 1 exit status
> gmake: *** [Makefile:975: ossec-syscheckd] Error 1
>
> Error 0x5.
> Building error. Unable to finish the installation.
>
> same error from OSSEC 2.9 RC3
>
> From OpenBSD 6.0 AMD64 Pkg's -> /var/db/pkg/libinotify-20160503
>
Make sure libinotify shows up when you `ldconfig -r`
Other than that, I'll have to take a closer look later

>
> 2016-09-30 15:52 GMT-03:00 R0me0 *** <knight....@gmail.com>:
>>
>> I am using 2.8.3 version and is a little bit different. Anyway I have made all changes in sources files without success.
>>
>> Another very interesting point is:
>>
>> report_changes=yes
>>
>> isn't reporting the diff's just sum changes.
>>
>> Thank you guys ! really really appreciated your help !
>>
>> :)
>>
>> 2016-09-30 13:13 GMT-03:00 dan (ddp) <ddp...@gmail.com>:
>>>
>>> On Fri, Sep 30, 2016 at 11:07 AM, R0me0 *** <knight....@gmail.com> wrote:
>>> > Taking a better look within Makeall file the flag to compile is: cho "EEXTRA=-DUSEINOTIFY" >> Config.OS
>>> >
>>> > tmp/ossec-hids-2.8.3/src/syscheckd/run_realtime.c:172: undefined reference to `inotify_add_watch'
>>> > collect2: ld returned 1 exit status
>>> > *** Error 1 in syscheckd (Makefile:15 'syscheck')
>>> >
>>>
>>> I'm using MASTER from github, but here are the changes I made to get
>>> it to compile:
>>> https://github.com/ddpbsd/ossec-hids/commits/openbsd_inotify
>>>
>>> >
>>> > 2016-09-30 11:46 GMT-03:00 dan (ddp) <ddp...@gmail.com>:
>>> >>
>>> >> On Fri, Sep 30, 2016 at 9:49 AM, R0me0 *** <knight....@gmail.com> wrote:
>>> >> > @dann I already set CFLAGS including include directory of inotify.h without success
>>> >> >
>>> >>
>>> >> I've gotten it to compile and not give me errors, but I also don't see
>>> >> any realtime alerts.
>>> >> I'll have to find a simple inotify testing program or something to see
>>> >> if it even works.
>>> >>
>>> >> > @Victor without success
>>> >> >
>>> >> > :(
>>> >> >
>>> >> > I'll keep researching
>>> >> >
>>> >> > Thank you guys
>>> >> >
>>> >> > 2016-09-30 8:12 GMT-03:00 Victor Fernandez <vic...@wazuh.com>:
>>> >> >>
>>> >> >> Hello,
>>> >> >>
>>> >> >> I've never done this on OpenBSD, but try to force the inotify support with Make:
>>> >> >>
>>> >> >> cd src
>>> >> >> make TARGET=agent USE_INOTIFY=yes
>>> >> >>
>>> >> >> Hope it helps.
>>> >> >> Regards.
>>> >> >>
>>> >> >> On Friday, September 30, 2016 at 12:38:30 AM UTC+2, dan (ddpbsd) wrote:
>>> >> >>>
>>> >> >>> On Sep 29, 2016 4:10 PM, "R0me0 ***" <knigh...@gmail.com> wrote:
>>> >> >>> >
>>> >> >>> > Hello guys.
>>> >> >>> >
>>> >> >>> > I'm trying to use real monitoring.
>>> >> >>> >
>>> >> >>> > I have installed inotify-tools from OpenBSD packages
>>> >> >>> >
>>> >> >>> > Initially I guess something related with run_realtime.c and I point
>>> >> >>> > inotify.h path.
>>> >> >>> >
>>> >> >>> > But I still without be able to use Real monitoring with the follow
>>> >> >>> > error in ossec.conf
>>> >> >>> >
>>> >> >>> > ( OpenBSD - OSSEC AGENT )
>>> >> >>> >
>>> >> >>> > ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/etc/pf'.
>>> >> >>> >
>>> >> >>> > Anyone has this setup working ? Any directions will be really
>>> >> >>> > appreciated
>>> >> >>> >
>>> >> >>> > Thanks in advance,
>>> >> >>> >
>>> >> >>>
>>> >> >>> I spent some time messing with it awhile back, but never got it working.
>>> >> >>> There are some Makefile changes you have to make, as well as possible src changes.
>>> >> >>>
>>> >> >>> >
>>> >> >>> > --
>>> >> >>> >
>>> >> >>> > ---
>>> >> >>> > You received this message because you are subscribed to the Google
>>> >> >>> > Groups "ossec-list" group.
>>> >> >>> > To unsubscribe from this group and stop receiving emails from it, send
>>> >> >>> > an email to ossec-list+...@googlegroups.com.
>>> >> >>> > For more options, visit https://groups.google.com/d/optout.
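
A minimal inotify test of the kind dan mentions needing, as an added example that is not part of the thread or of OSSEC: it watches a temporary directory, creates a file there, and checks that the IN_CREATE event is actually delivered. The temp path, file name and function name are made up for the example; building it on OpenBSD with `cc -I/usr/local/include/inotify test.c -L/usr/local/lib -linotify -pthread` is an assumption based on the paths quoted above.

```c
#include <sys/inotify.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Added example, not OSSEC code. Watch a fresh temp directory, create a
 * file in it, and wait up to timeout_ms for the matching IN_CREATE event.
 * Returns 1 = event delivered, 0 = no event, -1 = setup failed. */
int inotify_smoke_test(int timeout_ms)
{
    char dir[] = "/tmp/inotify-test-XXXXXX";  /* constructed sample path */
    char path[64];
    char buf[4096] __attribute__((aligned(__alignof__(struct inotify_event))));
    int result = -1;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof(path), "%s/probe", dir);
    int fd = inotify_init();  /* same call run_realtime.c failed to link */
    int wd = (fd < 0) ? -1 : inotify_add_watch(fd, dir, IN_CREATE | IN_DELETE);
    int f = (wd < 0) ? -1 : open(path, O_CREAT | O_WRONLY, 0600);
    if (f >= 0) {
        close(f);
        result = 0;
        struct pollfd pfd = { .fd = fd, .events = POLLIN };
        ssize_t n = (poll(&pfd, 1, timeout_ms) > 0) ? read(fd, buf, sizeof(buf)) : 0;
        for (char *p = buf; n > 0 && p < buf + n; ) {
            struct inotify_event *ev = (struct inotify_event *)p;
            if (ev->wd == wd && (ev->mask & IN_CREATE) && ev->len > 0 &&
                strcmp(ev->name, "probe") == 0)
                result = 1;
            p += sizeof(*ev) + ev->len;  /* events are variable-length records */
        }
        unlink(path);
    }
    if (fd >= 0)
        close(fd);  /* closing the descriptor also drops its watches */
    rmdir(dir);
    return result;
}

int main(void)
{
    int r = inotify_smoke_test(2000);
    printf("inotify: %s\n", r == 1 ? "event received" : r == 0 ? "no event" : "setup failed");
    return r == 1 ? 0 : 1;
}
```

If this fails to link with the same undefined references to inotify_init and inotify_add_watch, the library is not reaching the linker; if it links but reports "no event", the build is fine and the problem is in event delivery.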