Sent from my iPhone
> On Mar 10, 2014, at 9:29 AM, "Julien T" <[email protected]> wrote:
>
> Hello Jeremy,
>
>
> 2014-03-09 22:58 GMT-04:00 Jeremy Rossi <[email protected]>:
>>>
>>> It's a work in progress. People interested can check it here
>>> https://trac.macports.org/ticket/42533
>>> I included some config/rules for a local install on a client computer but
>>> they still need more reviews. And if others want to share more rules,
>>> please do!
>>
>> This is also wonderful. Some of the decoders might be useful to a
>> larger group. Would you be willing to send them upstream?
>
> Clearly, that's the point of sharing.
> Still, if some more people could test them as for now, I just have one setup.
>

Could you create a pull request? This way we can manage contributions and accept them in a timely manner. http://ossec-docs.readthedocs.org/en/latest/oRFC/orfc-1.html should give you an idea of what to expect. I look forward to reviewing this pull request.

>> Main annoying points w ossec are
>> * random compiling errors like ranlib size too large. just start again
>> command.
>
>> Do you have the output? I have never seen this thing before.
>
>
> >>>
> make[2]: Entering directory
> `/Users/touche/.macports/opt/local/var/macports/build/_Volumes_Data_myports_security_ossec/ossec/work/ossec-hids-2.7.1/src/analysisd/cdb'
> /opt/local/bin/gcc-mp-4.9 -I../ -g -Wall -I../../ -I../../headers
> -I/opt/local/include -DDEFAULTDIR=\"/opt/local/var/ossec\" -DLOCAL
> -DUSE_OPENSSL -DDarwin -DHIGHFIRST -DARGV0=\"cdb\" -DXML_VAR=\"var\"
> -DOSSECHIDS -c cdb.c cdb_hash.c cdb_make.c uint32_pack.c uint32_unpack.c
> make[2]: Entering directory
> `/Users/touche/.macports/opt/local/var/macports/build/_Volumes_Data_myports_security_ossec/ossec/work/ossec-hids-2.7.1/src/analysisd/cdb'
> /opt/local/bin/gcc-mp-4.9 -I../ -g -Wall -I../../ -I../../headers
> -I/opt/local/include -DDEFAULTDIR=\"/opt/local/var/ossec\" -DLOCAL
> -DUSE_OPENSSL -DDarwin -DHIGHFIRST -DARGV0=\"cdb\" -DXML_VAR=\"var\"
> -DOSSECHIDS -c cdb.c cdb_hash.c cdb_make.c uint32_pack.c uint32_unpack.c
> ar cru cdb.a cdb.o cdb_hash.o cdb_make.o uint32_pack.o uint32_unpack.o
> ar cru cdb.a cdb.o cdb_hash.o cdb_make.o uint32_pack.o uint32_unpack.o
> ar cru cdb_make.a cdb.o cdb_hash.o cdb_make.o uint32_pack.o uint32_unpack.o
> ranlib cdb.a
> ar cru cdb_make.a cdb.o cdb_hash.o cdb_make.o uint32_pack.o uint32_unpack.o
> ranlib cdb_make.a
> /opt/local/bin/ranlib: archive member: cdb_make.a(cdb.o) size too large
> (archive member extends past the end of the file)
> ar: internal ranlib command failed
> make[2]: Leaving directory
> `/Users/touche/.macports/opt/local/var/macports/build/_Volumes_Data_myports_security_ossec/ossec/work/ossec-hids-2.7.1/src/analysisd/cdb'
> <<<
> The problem seems not fixed to ossec. I have seen on other software, macports
> or not and I'm on x86_64 arch.
> Some say, just start again make, some split the archive but found nothing
> satisfying for now.
> https://bugreports.qt-project.org/browse/QTBUG-20619
> https://code.google.com/p/ios-toolchain-based-on-clang-for-linux/issues/detail?id=6
>
>
>>
>>> * the missing part of at least one executable: no "phase 2" in
>>> ossec-logtest which also seems to be random.
>>
>> random anything is not good and is something I would like to know more
>> about. If you get some tests of this happening or if you have a system
>> where you can run logtest 1000 times and get 1 random error I would love
>> to know as we can work together to get a tester built to see what is
>> going on.
>
>
> I fully agree.
> I don't have any automated test framework.
> Just, I made the port installed, at the right prefix, I started to check
> rules and refined and when discussing them on the list with dan last week, it
> seems there was a missing part. And the missing part was in the executable...
> I really can't understand how this is happening.
> Following that, I rebuilt and got the 3 phases, did another time and miss
> one...
>
> Here, also, it will be useful to get feedback of other people/configurations.
> I will try in coming days to make a pseudo tester, basically
> do loop
> build
> check strings of ossec-logtest
>
> and see if there are any differences in build log
>
>
> Cheers,
>
> Julien
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
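
The pseudo tester sketched in the quoted message (loop, build, check the strings of ossec-logtest, compare build logs), written out as an added example that is not part of the original thread or of OSSEC. The function names, the summary file layout and the marker strings "Phase 1" to "Phase 3" are assumptions; the build command and binary path are supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the thread): rebuild N times and record, per run,
# whether the binary still contains every expected marker string.
# Assumption: the markers "Phase 1".."Phase 3" stand for the three
# ossec-logtest phases mentioned above; adjust to the real strings.

# check_markers BINARY MARKER...
# Prints one "missing: ..." line per absent marker; returns 1 if any is absent.
check_markers() {
    bin=$1; shift
    missing=0
    for m in "$@"; do
        # -a: read the binary as text, -F: literal match, -q: status only
        if ! grep -a -q -F -- "$m" "$bin"; then
            echo "missing: $m"
            missing=1
        fi
    done
    return "$missing"
}

# build_loop RUNS OUTDIR BINARY BUILD_CMD
# Keeps one log per run (OUTDIR/build-N.log, for diffing good vs bad runs)
# and writes OUTDIR/summary.tsv: run <TAB> status <TAB> checksum of BINARY.
# Returns 0 only if every run built and kept all markers.
build_loop() {
    runs=$1; out=$2; target=$3; cmd=$4
    mkdir -p "$out"
    : > "$out/summary.tsv"
    i=1
    while [ "$i" -le "$runs" ]; do
        log="$out/build-$i.log"
        if sh -c "$cmd" > "$log" 2>&1; then status=ok; else status=build-failed; fi
        if [ "$status" = ok ] &&
           ! check_markers "$target" "Phase 1" "Phase 2" "Phase 3" >> "$log"; then
            status=markers-missing
        fi
        if [ -f "$target" ]; then
            sum=$(cksum < "$target" | cut -d' ' -f1)
        else
            sum=none
        fi
        printf '%s\t%s\t%s\n' "$i" "$status" "$sum" >> "$out/summary.tsv"
        i=$((i + 1))
    done
    # Succeed only when no summary line has a status other than "ok"
    ! grep -q -v "$(printf '\tok\t')" "$out/summary.tsv"
}
```

Runs whose checksum differs from the majority are the ones whose build logs are worth diffing against a good run.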
