Taking a better look within Makeall file the flag to compile is: cho "EEXTRA=-DUSEINOTIFY" >> Config.OS
tmp/ossec-hids-2.8.3/src/syscheckd/run_realtime.c:172: undefined reference to `inotify_add_watch' collect2: ld returned 1 exit status *** Error 1 in syscheckd (Makefile:15 'syscheck') 2016-09-30 11:46 GMT-03:00 dan (ddp) <ddp...@gmail.com>: > On Fri, Sep 30, 2016 at 9:49 AM, R0me0 *** <knight....@gmail.com> wrote: > > @dann I already set CFLAGS including include directory of inotify.h > without > > success > > > > I've gotten it to compile and not give me errors, but I also don't see > any realtime alerts. > I'll have to find a simple inotify testing program or something to see > if it even works. > > > @Victor without success > > > > :( > > > > I'll keep researching > > > > Thank you guys > > > > > > 2016-09-30 8:12 GMT-03:00 Victor Fernandez <vic...@wazuh.com>: > >> > >> Hello, > >> > >> I've never done this on OpenBSD, but try to force the inotify support > with > >> Make: > >> > >> cd src > >> make TARGET=agent USE_INOTIFY=yes > >> > >> Hope it helps. > >> Regards. > >> > >> > >> On Friday, September 30, 2016 at 12:38:30 AM UTC+2, dan (ddpbsd) wrote: > >>> > >>> On Sep 29, 2016 4:10 PM, "R0me0 ***" <knigh...@gmail.com> wrote: > >>> > > >>> > Hello guys. > >>> > > >>> > I'm trying to use real monitoring. > >>> > > >>> > I have installed inotify-tools from OpenBSD packages > >>> > > >>> > Initially I guess something related with run_realtime.c and I point > >>> > inotify.h path. > >>> > > >>> > But I still without be able to use Real monitoring with the follow > >>> > error in ossec.conf > >>> > > >>> > ( OpenBSD - OSSEC AGENT ) > >>> > > >>> > ossec-syscheckd: WARN: Ignoring flag for real time monitoring on > >>> > directory: '/etc/pf'. > >>> > > >>> > Anyone has this setup working ? Any directions will be really > >>> > appreciated > >>> > > >>> > Thanks in advance, > >>> > > >>> > >>> I spent some time messing with it awhile back, but never got it > working. > >>> There are some Makefile changes you have to make, as well as possible > src > >>> changes. > >>> > >>> > > >>> > > >>> > > >>> > -- > >>> > > >>> > --- > >>> > You received this message because you are subscribed to the Google > >>> > Groups "ossec-list" group. > >>> > To unsubscribe from this group and stop receiving emails from it, > send > >>> > an email to ossec-list+...@googlegroups.com. > >>> > For more options, visit https://groups.google.com/d/optout. > >> > >> -- > >> > >> --- > >> You received this message because you are subscribed to the Google > Groups > >> "ossec-list" group. > >> To unsubscribe from this group and stop receiving emails from it, send > an > >> email to ossec-list+unsubscr...@googlegroups.com. > >> For more options, visit https://groups.google.com/d/optout. > > > > > > -- > > > > --- > > You received this message because you are subscribed to the Google Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to ossec-list+unsubscr...@googlegroups.com. > > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
