latest stable 2.8.3 neither openbsd_initify from your repository compiles.
ldconfig -r | fgrep inotify linotify.2.0 => /usr/local/lib/inotify/libinotify.so.2.0 Thank you If you need anything else let me know 2016-09-30 17:25 GMT-03:00 dan (ddp) <ddp...@gmail.com>: > On Sep 30, 2016 3:44 PM, "R0me0 ***" <knight....@gmail.com> wrote: > > > > Dan I haved cloned openbsd_inotify > > > > and isnt compile > > > > + -I/usr/local/include/inotify > > > > > > > > > > ifeq (${uname_S},OpenBSD) > > # DEFINES+=-DOpenBSD > > DEFINES+=-pthread > > LUA_PLAT=posix > > CFLAGS+=-I/usr/local/include > -I/usr/local/include/inotify > > OSSEC_LDFLAGS+=-L/usr/local/lib > > > > > > > > > > > > shared.a(validate_op.o): In function `OS_IsValidIP': > > validate_op.c:(.text+0xa9b): warning: warning: strcpy() is almost always > misused, please use strlcpy() > > shared.a(hash_op.o): In function `OSHash_setSize': > > hash_op.c:(.text+0x366): warning: warning: random() may return > deterministic values, is that what you want? > > syscheckd/run_realtime.o: In function `realtime_start': > > run_realtime.c:(.text+0x5e): undefined reference to `inotify_init' > > syscheckd/run_realtime.o: In function `realtime_adddir': > > run_realtime.c:(.text+0x131): undefined reference to `inotify_add_watch' > > collect2: ld returned 1 exit status > > gmake: *** [Makefile:975: ossec-syscheckd] Error 1 > > > > Error 0x5. > > Building error. Unable to finish the installation. > > > > > > > > same error from OSSEC 2.9 RC3 > > > > > > From OpenBSD 6.0 AMD64 Pkg's -> /var/db/pkg/libinotify-20160503 > > > > > > Make aure libinotify ahows up when you `ldconfig -r` > > Other than that, I'll have to take a closer look later > > > > > > > > > > > > > > > > > 2016-09-30 15:52 GMT-03:00 R0me0 *** <knight....@gmail.com>: > >> > >> I am using 2.8.3 version and is a little bit different. Anyway I have > made all changes in sources files without success. > >> > >> Another very interesting point is: > >> > >> report_changes=yes > >> > >> isnt reporting the diff's just sum changes. > >> > >> Thank you guys ! really really appreciated your help ! > >> > >> :) > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> 2016-09-30 13:13 GMT-03:00 dan (ddp) <ddp...@gmail.com>: > >>> > >>> On Fri, Sep 30, 2016 at 11:07 AM, R0me0 *** <knight....@gmail.com> > wrote: > >>> > Taking a better look within Makeall file the flag to compile is: cho > >>> > "EEXTRA=-DUSEINOTIFY" >> Config.OS > >>> > > >>> > tmp/ossec-hids-2.8.3/src/syscheckd/run_realtime.c:172: undefined > reference > >>> > to `inotify_add_watch' > >>> > collect2: ld returned 1 exit status > >>> > *** Error 1 in syscheckd (Makefile:15 'syscheck') > >>> > > >>> > >>> I'm using MASTER from github, but here are the changes I made to get > >>> it to compile: > >>> https://github.com/ddpbsd/ossec-hids/commits/openbsd_inotify > >>> > >>> > >>> > > >>> > > >>> > 2016-09-30 11:46 GMT-03:00 dan (ddp) <ddp...@gmail.com>: > >>> >> > >>> >> On Fri, Sep 30, 2016 at 9:49 AM, R0me0 *** <knight....@gmail.com> > wrote: > >>> >> > @dann I already set CFLAGS including include directory of > inotify.h > >>> >> > without > >>> >> > success > >>> >> > > >>> >> > >>> >> I've gotten it to compile and not give me errors, but I also don't > see > >>> >> any realtime alerts. > >>> >> I'll have to find a simple inotify testing program or something to > see > >>> >> if it even works. > >>> >> > >>> >> > @Victor without success > >>> >> > > >>> >> > :( > >>> >> > > >>> >> > I'll keep researching > >>> >> > > >>> >> > Thank you guys > >>> >> > > >>> >> > > >>> >> > 2016-09-30 8:12 GMT-03:00 Victor Fernandez <vic...@wazuh.com>: > >>> >> >> > >>> >> >> Hello, > >>> >> >> > >>> >> >> I've never done this on OpenBSD, but try to force the inotify > support > >>> >> >> with > >>> >> >> Make: > >>> >> >> > >>> >> >> cd src > >>> >> >> make TARGET=agent USE_INOTIFY=yes > >>> >> >> > >>> >> >> Hope it helps. > >>> >> >> Regards. > >>> >> >> > >>> >> >> > >>> >> >> On Friday, September 30, 2016 at 12:38:30 AM UTC+2, dan (ddpbsd) > wrote: > >>> >> >>> > >>> >> >>> On Sep 29, 2016 4:10 PM, "R0me0 ***" <knigh...@gmail.com> > wrote: > >>> >> >>> > > >>> >> >>> > Hello guys. > >>> >> >>> > > >>> >> >>> > I'm trying to use real monitoring. > >>> >> >>> > > >>> >> >>> > I have installed inotify-tools from OpenBSD packages > >>> >> >>> > > >>> >> >>> > Initially I guess something related with run_realtime.c and I > point > >>> >> >>> > inotify.h path. > >>> >> >>> > > >>> >> >>> > But I still without be able to use Real monitoring with the > follow > >>> >> >>> > error in ossec.conf > >>> >> >>> > > >>> >> >>> > ( OpenBSD - OSSEC AGENT ) > >>> >> >>> > > >>> >> >>> > ossec-syscheckd: WARN: Ignoring flag for real time monitoring > on > >>> >> >>> > directory: '/etc/pf'. > >>> >> >>> > > >>> >> >>> > Anyone has this setup working ? Any directions will be really > >>> >> >>> > appreciated > >>> >> >>> > > >>> >> >>> > Thanks in advance, > >>> >> >>> > > >>> >> >>> > >>> >> >>> I spent some time messing with it awhile back, but never got it > >>> >> >>> working. > >>> >> >>> There are some Makefile changes you have to make, as well as > possible > >>> >> >>> src > >>> >> >>> changes. > >>> >> >>> > >>> >> >>> > > >>> >> >>> > > >>> >> >>> > > >>> >> >>> > -- > >>> >> >>> > > >>> >> >>> > --- > >>> >> >>> > You received this message because you are subscribed to the > Google > >>> >> >>> > Groups "ossec-list" group. > >>> >> >>> > To unsubscribe from this group and stop receiving emails from > it, > >>> >> >>> > send > >>> >> >>> > an email to ossec-list+...@googlegroups.com. > >>> >> >>> > For more options, visit https://groups.google.com/d/optout. > >>> >> >> > >>> >> >> -- > >>> >> >> > >>> >> >> --- > >>> >> >> You received this message because you are subscribed to the > Google > >>> >> >> Groups > >>> >> >> "ossec-list" group. > >>> >> >> To unsubscribe from this group and stop receiving emails from > it, send > >>> >> >> an > >>> >> >> email to ossec-list+unsubscr...@googlegroups.com. > >>> >> >> For more options, visit https://groups.google.com/d/optout. > >>> >> > > >>> >> > > >>> >> > -- > >>> >> > > >>> >> > --- > >>> >> > You received this message because you are subscribed to the Google > >>> >> > Groups > >>> >> > "ossec-list" group. > >>> >> > To unsubscribe from this group and stop receiving emails from it, > send > >>> >> > an > >>> >> > email to ossec-list+unsubscr...@googlegroups.com. > >>> >> > For more options, visit https://groups.google.com/d/optout. > >>> >> > >>> >> -- > >>> >> > >>> >> --- > >>> >> You received this message because you are subscribed to the Google > Groups > >>> >> "ossec-list" group. > >>> >> To unsubscribe from this group and stop receiving emails from it, > send an > >>> >> email to ossec-list+unsubscr...@googlegroups.com. > >>> >> For more options, visit https://groups.google.com/d/optout. > >>> > > >>> > > >>> > -- > >>> > > >>> > --- > >>> > You received this message because you are subscribed to the Google > Groups > >>> > "ossec-list" group. > >>> > To unsubscribe from this group and stop receiving emails from it, > send an > >>> > email to ossec-list+unsubscr...@googlegroups.com. > >>> > For more options, visit https://groups.google.com/d/optout. > >>> > >>> -- > >>> > >>> --- > >>> You received this message because you are subscribed to the Google > Groups "ossec-list" group. > >>> To unsubscribe from this group and stop receiving emails from it, send > an email to ossec-list+unsubscr...@googlegroups.com. > >>> For more options, visit https://groups.google.com/d/optout. > >> > >> > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to ossec-list+unsubscr...@googlegroups.com. > > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.