On Mon, Jun 24, 2013 at 4:37 PM, David Blanton <[email protected]> wrote: > The queue error is only the Solaris box agent - after I installed 2.7.1 > beta. I'm not too concerned about the duplicate files error - I just > understand why I was getting them because I did not have any duplicates in > ossec.conf. It also prevents analysisd from starting. >
Ok that might make it easier. You still need to check for errors in the log. And analysisd doesn't run on agents, so that shouldn't even try to start. > > On Monday, June 24, 2013 4:29:56 PM UTC-4, dan (ddpbsd) wrote: >> >> On Mon, Jun 24, 2013 at 4:19 PM, David Blanton >> <[email protected]> wrote: >> > Hey dan so when I updated all my agents and server to 2.7.1, it kinda >> > broke >> > everything.. Im getting duplicate directory errors, the Solaris box is >> > saying the queue files cannot be read, and that my agents cannot connect >> > to >> > my server (1514). I'm not sure what happened, when I ran the install >> > script, >> > I just entered y to update. >> > >> >> Are you getting the queue errors on the server or the agents? >> Are there any errors in the ossec.log before the queue errors? >> >> The duplicate directory errors shouldn't be a big deal, they're closer >> to warnings than errors (probably duplication between ossec.conf and >> agent.conf). >> >> > On Monday, June 24, 2013 3:07:39 PM UTC-4, dan (ddpbsd) wrote: >> >> >> >> On Mon, Jun 24, 2013 at 3:04 PM, David Blanton >> >> <[email protected]> wrote: >> >> > One quick thing - do I need to go to 2.7.1 for server and agent? Or >> >> > just >> >> > agent? Will there be any issues with a 2.7.1 agent communicating with >> >> > a >> >> > 2.7 >> >> > server? >> >> > >> >> >> >> It's best if you keep them in sync. When in doubt the server should be >> >> higher version than the agent. I haven't personally tried it any other >> >> way. >> >> >> >> > >> >> > On Monday, June 24, 2013 12:52:58 PM UTC-4, dan (ddpbsd) wrote: >> >> >> >> >> >> On Mon, Jun 24, 2013 at 12:42 PM, David Blanton >> >> >> <[email protected]> wrote: >> >> >> > Here is the full message I get during the make. I noticed in an >> >> >> > older >> >> >> > thread >> >> >> > you posted a fix and was wondering if there was any other concrete >> >> >> > fixes >> >> >> > you >> >> >> > have available. >> >> >> > >> >> >> >> >> >> 2.7.1 is full of fixes, including this one.Some legacy systems like >> >> >> Solaris don't have strnlen, so adjustments have to be made. 2.7.1 >> >> >> should fix this right up. >> >> >> >> >> >> > *** Making os_csyslogd *** >> >> >> > >> >> >> > gcc -g -Wall -I../ -I../headers >> >> >> > -DDEFAULTDIR=\"/home/dblanton/ossec\" >> >> >> > -DCLIENT -DSOLARIS -DHIGHFIRST -DARGV0=\"ossec-csyslogd\" >> >> >> > -DXML_VAR=\"var\" -DOSSECHIDS -lsocket -lnsl -lresolv *.c >> >> >> > ../config/lib_config.a ../shared/lib_shared.a ../os_net/os_net.a >> >> >> > ../os_regex/os_regex.a ../os_xml/os_xml.a -o ossec-csyslogd >> >> >> > csyslogd.c: In function `field_add_string': >> >> >> > csyslogd.c:117: warning: implicit declaration of function >> >> >> > `strnlen' >> >> >> > Undefined first referenced >> >> >> > symbol in file >> >> >> > strnlen /var/tmp//cc9GyBBv.o >> >> >> > ld: fatal: Symbol referencing errors. No output written to >> >> >> > ossec-csyslogd >> >> >> > collect2: ld returned 1 exit status >> >> >> > *** Error code 1 >> >> >> > make: Fatal error: Command failed for target `default' >> >> >> > Current working directory >> >> >> > /home/dblanton/ossec-install/ossec-hids-2.7/src/os_csyslogd >> >> >> > >> >> >> > >> >> >> > Error Making os_csyslogd >> >> >> > *** Error code 1 >> >> >> > The following command caused the error: >> >> >> > /bin/sh ./Makeall all >> >> >> > make: Fatal error: Command failed for target `all' >> >> >> > >> >> >> > Error 0x5. >> >> >> > Building error. Unable to finish the installation. >> >> >> > >> >> >> > >> >> >> > >> >> >> > On Monday, June 24, 2013 12:21:16 PM UTC-4, dan (ddpbsd) wrote: >> >> >> >> >> >> >> >> On Mon, Jun 24, 2013 at 11:59 AM, David Blanton >> >> >> >> <[email protected]> wrote: >> >> >> >> > The error I am getting during the installation process: >> >> >> >> > >> >> >> >> > Error Making os_csyslogd >> >> >> >> > *** Error code 1 >> >> >> >> > The following command caused the error: >> >> >> >> > /bin/sh ./Makeall all >> >> >> >> > make: Fatal error: Command failed for target `all' >> >> >> >> > >> >> >> >> > Error 0x5. >> >> >> >> > Building error. Unable to finish the installation. >> >> >> >> > >> >> >> >> >> >> >> >> I have to believe there is an actual error message before this. >> >> >> >> >> >> >> >> > >> >> >> >> > I tried the solution #vi install.sh >> >> >> >> > >> >> >> >> > and change the first line of code from #!bin/sh to #!bin/bash >> >> >> >> > however >> >> >> >> > it >> >> >> >> > did >> >> >> >> > not work. >> >> >> >> > >> >> >> >> > I also tried to find that error line by / /Makeall all in vi >> >> >> >> > however >> >> >> >> > it >> >> >> >> > could not find it. Any tips? >> >> >> >> > >> >> >> >> > -- >> >> >> >> > >> >> >> >> > --- >> >> >> >> > You received this message because you are subscribed to the >> >> >> >> > Google >> >> >> >> > Groups >> >> >> >> > "ossec-list" group. >> >> >> >> > To unsubscribe from this group and stop receiving emails from >> >> >> >> > it, >> >> >> >> > send >> >> >> >> > an >> >> >> >> > email to [email protected]. >> >> >> >> > For more options, visit >> >> >> >> > https://groups.google.com/groups/opt_out. >> >> >> >> > >> >> >> >> > >> >> >> > >> >> >> > -- >> >> >> > >> >> >> > --- >> >> >> > You received this message because you are subscribed to the Google >> >> >> > Groups >> >> >> > "ossec-list" group. >> >> >> > To unsubscribe from this group and stop receiving emails from it, >> >> >> > send >> >> >> > an >> >> >> > email to [email protected]. >> >> >> > For more options, visit https://groups.google.com/groups/opt_out. >> >> >> > >> >> >> > >> >> > >> >> > -- >> >> > >> >> > --- >> >> > You received this message because you are subscribed to the Google >> >> > Groups >> >> > "ossec-list" group. >> >> > To unsubscribe from this group and stop receiving emails from it, >> >> > send >> >> > an >> >> > email to [email protected]. >> >> > For more options, visit https://groups.google.com/groups/opt_out. >> >> > >> >> > >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> > Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an >> > email to [email protected]. >> > For more options, visit https://groups.google.com/groups/opt_out. >> > >> > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
