On Mon, Oct 3, 2016 at 6:07 PM, R0me0 *** <knight....@gmail.com> wrote:
> Hello dan!
>
> Real monitoring still not working, but it could be regarding my ossec server
> running 2.8.3. After I upgraded agent to 2.9 (which is that cloned) it
> stopped to make sums (md5 sha1) so I think is regarding update that real
> monitor isn't working.
>
It's not really working for me either, but I haven't had time to figure out
if libinotify isn't working, or if it's actually OSSEC.

> I will need to configure a lab with current branch of ossec and perform all
> possible tests like report_changes, check_sum (which at moment isn't
> working properly with current version I running) I ran a lot of OpenBSD
>
> Thank you so much your time, attention, need to pay a beer for u.
>
> Regards,
>
> 2016-10-03 14:36 GMT-03:00 R0me0 *** <knight....@gmail.com>:
>>
>> Hey dannn! compiled
>>
>> + DEFINED+=-DINOTIFY_ENABLED
>>
>> It was I didn't :P
>>
>> tail /var/ossec/logs/ossec.log | fgrep "real time"
>> 2016/10/03 14:22:51 ossec-syscheckd: INFO: Directory set for real time
>> monitoring: '/etc'.
>>
>> I am waiting diff to populate and I will check if real time it really
>> working
>>
>> back soon :) Thank you so much!
>>
>> 2016-10-03 14:32 GMT-03:00 dan (ddp) <ddp...@gmail.com>:
>>>
>>> On Mon, Oct 3, 2016 at 1:16 PM, R0me0 *** <knight....@gmail.com> wrote:
>>> > Dan, Just have take a look what you changed and I already did it.
>>> >
>>> > Just for curiosity I will clone and try to compile
>>> >
>>> > :)
>>> >
>>>
>>> It Compiles for Me (TM)
>>>
>>> > 2016-10-03 13:58 GMT-03:00 dan (ddp) <ddp...@gmail.com>:
>>> >>
>>> >> Found the issue, looks like I forgot to commit a few bits. It should
>>> >> work now.
>>> >>
>>> >> On Mon, Oct 3, 2016 at 12:54 PM, dan (ddp) <ddp...@gmail.com> wrote:
>>> >> > On Mon, Oct 3, 2016 at 12:51 PM, R0me0 *** <knight....@gmail.com>
>>> >> > wrote:
>>> >> >> Hello Dan,
>>> >> >>
>>> >> >> I tried to compile the last OSSEC stable release
>>> >> >> https://github.com/ossec/ossec-hids/archive/v2.8.3.tar.gz
>>> >> >> Also I have cloned https://github.com/ddpbsd/ossec-hids
>>> >> >> (openbsd_inotify) branch
>>> >> >> Tried the pre-release of OSSEC
>>> >> >> (https://github.com/ossec/ossec-hids/archive/2.9rc3.tar.gz)
>>> >> >> All of them fail to compile with inotify
>>> >> >>
>>> >> >> Note: I am trying to compile OSSEC AGENT with inotify support under
>>> >> >> OpenBSD 6.0 stable branch all patches applied until 009
>>> >> >>
>>> >> >> Inotify from:
>>> >> >> http://ftp.openbsd.org/pub/OpenBSD/6.0/packages/amd64/
>>> >> >>
>>> >> >> pkg_add inotify-tools-3.14pl0.tgz dependency is
>>> >> >> libinotify-20160503.tgz
>>> >> >>
>>> >> >
>>> >> > Ok, I haven't tried an agent build yet.
>>> >> >
>>> >> >>
>>> >> >> Thanks
>>> >> >>
>>> >> >> 2016-10-03 8:37 GMT-03:00 dan (ddp) <ddp...@gmail.com>:
>>> >> >>>
>>> >> >>> On Fri, Sep 30, 2016 at 6:19 PM, R0me0 *** <knight....@gmail.com>
>>> >> >>> wrote:
>>> >> >>> > latest stable 2.8.3 neither openbsd_inotify from your
>>> >> >>> > repository compiles.
>>> >> >>> >
>>> >> >>> > ldconfig -r | fgrep inotify
>>> >> >>> >
>>> >> >>> > linotify.2.0 => /usr/local/lib/inotify/libinotify.so.2.0
>>> >> >>> >
>>> >> >>>
>>> >> >>> How did you try to build it (MASTER from github)? I'm trying with
>>> >> >>> a TARGET=server, and it's working for me.
>>> >> >>> Try adding:
>>> >> >>> V=1
>>> >> >>> to the Makefile. That might provide more information.
>>> >> >>>
>>> >> >>> --
>>> >> >>>
>>> >> >>> ---
>>> >> >>> You received this message because you are subscribed to the Google
>>> >> >>> Groups "ossec-list" group.
>>> >> >>> To unsubscribe from this group and stop receiving emails from it,
>>> >> >>> send an email to ossec-list+unsubscr...@googlegroups.com.
>>> >> >>> For more options, visit https://groups.google.com/d/optout.