Hello dan ! Real monitoring still not working, but it could be regarding my ossec server running 2.8.3. After I upgraded agent to 2.9 ( which is that cloned ) it stopped to make sums ( md5 sha1 ) so I think is regarding update that real monitor isn't working .
I will need to configure a lab with current branch of ossec and perform all possible tests like report_changes , check_sum ( which at moment isnt working properly with current version I running ) I ran a lot of OpenBSD Thank you so much your time, attention , need to pay a beer for u. Regards, 2016-10-03 14:36 GMT-03:00 R0me0 *** <knight....@gmail.com>: > Hey dannn ! compiled > > + DEFINED+=-DINOTIFY_ENABLED > > It was i didn 't :P > > tail /var/ossec/logs/ossec.log | fgrep "real time" > 2016/10/03 14:22:51 ossec-syscheckd: INFO: Directory set for real time > monitoring: '/etc'. > > I am waiting diff to populate and I will check if real time it really > working > > back soon :) Thank you so much ! > > > > 2016-10-03 14:32 GMT-03:00 dan (ddp) <ddp...@gmail.com>: > >> On Mon, Oct 3, 2016 at 1:16 PM, R0me0 *** <knight....@gmail.com> wrote: >> > Dan , Just have take a look what you changed and I already did it. >> > >> > Just for curiosity I will clone and try to compile >> > >> > :) >> > >> >> It Compiles for Me (TM) >> >> > 2016-10-03 13:58 GMT-03:00 dan (ddp) <ddp...@gmail.com>: >> >> >> >> Found the issue, looks like I forgot to commit a few bits. It should >> work >> >> now. >> >> >> >> On Mon, Oct 3, 2016 at 12:54 PM, dan (ddp) <ddp...@gmail.com> wrote: >> >> > On Mon, Oct 3, 2016 at 12:51 PM, R0me0 *** <knight....@gmail.com> >> wrote: >> >> >> Hello Dan, >> >> >> >> >> >> I tried to compile the last OSSEC stable release >> >> >> https://github.com/ossec/ossec-hids/archive/v2.8.3.tar.gz >> >> >> Also I have cloned https://github.com/ddpbsd/ossec-hids ( >> >> >> openbsd_inotify ) >> >> >> branch >> >> >> Tried the pre-release of OSSEC ( >> >> >> https://github.com/ossec/ossec-hids/archive/2.9rc3.tar.gz ) >> >> >> All of them fail to compile witrh inotify >> >> >> >> >> >> Note: I am trying to compile OSSEC AGENT with inotify support under >> >> >> OpenBSD >> >> >> 6.0 stable branch all patches applied until 009 >> >> >> >> >> >> Inotify from: http://ftp.openbsd.org/pub/Ope >> nBSD/6.0/packages/amd64/ >> >> >> >> >> >> pkg_add inotify-tools-3.14pl0.tgz dependency is >> libinotify-20160503.tgz >> >> >> >> >> > >> >> > Ok, I haven't tried an agent build yet. >> >> > >> >> >> >> >> >> Thanks >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> 2016-10-03 8:37 GMT-03:00 dan (ddp) <ddp...@gmail.com>: >> >> >>> >> >> >>> On Fri, Sep 30, 2016 at 6:19 PM, R0me0 *** <knight....@gmail.com> >> >> >>> wrote: >> >> >>> > latest stable 2.8.3 neither openbsd_initify from your repository >> >> >>> > compiles. >> >> >>> > >> >> >>> > ldconfig -r | fgrep inotify >> >> >>> > >> >> >>> > linotify.2.0 => /usr/local/lib/inotify/libinotify.so.2.0 >> >> >>> > >> >> >>> >> >> >>> How did you try to build it (MASTER from github)? I'm trying with a >> >> >>> TARGET=server, and it's working for me. >> >> >>> Try adding: >> >> >>> V=1 >> >> >>> to the Makefile. That might provide more information. >> >> >>> >> >> >>> -- >> >> >>> >> >> >>> --- >> >> >>> You received this message because you are subscribed to the Google >> >> >>> Groups >> >> >>> "ossec-list" group. >> >> >>> To unsubscribe from this group and stop receiving emails from it, >> send >> >> >>> an >> >> >>> email to ossec-list+unsubscr...@googlegroups.com. >> >> >>> For more options, visit https://groups.google.com/d/optout. >> >> >> >> >> >> >> >> >> -- >> >> >> >> >> >> --- >> >> >> You received this message because you are subscribed to the Google >> >> >> Groups >> >> >> "ossec-list" group. >> >> >> To unsubscribe from this group and stop receiving emails from it, >> send >> >> >> an >> >> >> email to ossec-list+unsubscr...@googlegroups.com. >> >> >> For more options, visit https://groups.google.com/d/optout. >> >> >> >> -- >> >> >> >> --- >> >> You received this message because you are subscribed to the Google >> Groups >> >> "ossec-list" group. >> >> To unsubscribe from this group and stop receiving emails from it, send >> an >> >> email to ossec-list+unsubscr...@googlegroups.com. >> >> For more options, visit https://groups.google.com/d/optout. >> > >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> an >> > email to ossec-list+unsubscr...@googlegroups.com. >> > For more options, visit https://groups.google.com/d/optout. >> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to ossec-list+unsubscr...@googlegroups.com. >> For more options, visit https://groups.google.com/d/optout. >> > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
