Re: [ossec-list] Unable to install OSSEC Agent

[dan (ddp)]

Openssl is what you need to run binaries, the devel version is what you
need to build the binaries. A precompiled version of ossec probably only
needs the openssl package.
I don’t know why they broke it up into 2 packages, but it’s not my
decision.

On Tue, Apr 21, 2020 at 1:39 PM Andy  wrote:

> This fixed it, thanks!
> What is the different b/w openssl and the devel option?
>
> On Tuesday, April 21, 2020 at 11:15:24 AM UTC-4, dan (ddpbsd) wrote:
>>
>> Openssl or openssl-devel?
>>
>> On Tue, Apr 21, 2020 at 10:29 AM Luke Boguslaw 
>> wrote:
>>
>>> I also had to install zlib-devel.
>>> But now I get this error:
>>> [image: image.png]
>>> So I install openssl, but it says it is already installed...
>>>
>>> On Tue, Apr 21, 2020 at 9:37 AM dan (ddp)  wrote:
>>>
 The installation documentation has a list of pre requisite packages
 that should be installed. In this case it’s libevet-devel

 On Tue, Apr 21, 2020 at 7:49 AM Luke Boguslaw 
 wrote:

>>> I did a make clean, then ran install with PCRE2_SYSTEM=yes, but am
> getting this error now:
> [image: image.png]
>
> On Mon, Apr 20, 2020 at 10:34 PM David Williams 
> wrote:
>
 Andy,
>> How about this:
>> yum info pcre2-devel
>> Note the "2:" pcre2-devel
>> -David
>>
>>
>> On 4/20/20 7:43 PM, Luke Boguslaw wrote:
>> > It is telling me that pcre-utf does not exist, and pcre-devel is
>> already
>> > installed.
>> >
>> > On Mon, Apr 20, 2020 at 5:30 PM David Williams <
>> dave...@kayakero.net
>> > > wrote:
>> >
>> > Andy,
>> > I believe there are seperate pcre2 packages. I have
>> these
>> > installed:
>> >
>> > pcre-8.32-17.el7.x86_64
>> > pcre2-utf16-10.23-2.el7.x86_64
>> > pcre2-10.23-2.el7.x86_64
>> > pcre2-devel-10.23-2.el7.x86_64
>> > pcre-8.32-17.el7.i686
>> > pcre2-utf32-10.23-2.el7.x86_64
>> >
>> >
>> > -David
>> >
>> > On 4/20/20 2:09 PM, Andy wrote:
>> > > I am unable to install the ossec agent on a centos 7 server.
>> I
>> > get this
>> > > error:
>> > > |
>> > > In file included from ./headers/shared.h:215:0,
>> > >  from client-agent/sendmsg.c:10:
>> > > ./os_regex/os_regex.h:19:19: fatal error: pcre2.h: No such
>> file or
>> > directory
>> > >  #include 
>> > > |
>> > >
>> > > After installing pcre-devel, it still fails with this error.
>> > >
>> > > --
>> > >
>> > > ---
>> > > You received this message because you are subscribed to the
>> Google
>> > > Groups "ossec-list" group.
>> > > To unsubscribe from this group and stop receiving emails from
>> it, send
>>
> > > an email to ossec...@googlegroups.com
>> > 
>> > > > > >.
>> > > To view this discussion on the web visit
>> > >
>> >
>> https://groups.google.com/d/msgid/ossec-list/87a1b5ac-5b1d-476c-bda7-1c1dfc8cdae3%40googlegroups.com
>> > >
>> > <
>> https://groups.google.com/d/msgid/ossec-list/87a1b5ac-5b1d-476c-bda7-1c1dfc8cdae3%40googlegroups.com?utm_medium=email_source=footer
>> >.
>> >
>> > --
>> >
>> > GPG (http://www.gnupg.org/) key available from:
>> > http://www.kayakero.net/per/david/
>> >
>> > --
>> >
>> > ---
>> > You received this message because you are subscribed to the
>> Google
>> > Groups "ossec-list" group.
>> > To unsubscribe from this group and stop receiving emails from
>> it,
>> > send an email to ossec...@googlegroups.com
>> > .
>> > To view this discussion on the web visit
>> >
>> https://groups.google.com/d/msgid/ossec-list/cab8fad4-032e-f5ba-4390-e3285aa8bf9e%40kayakero.net
>> .
>> >
>> > --
>> >
>> > ---
>> > You received this message because you are subscribed to the Google
>> > Groups "ossec-list" group.
>> > To unsubscribe from this group and stop receiving emails from it,
>> send
>> > an email to ossec...@googlegroups.com
>> > .
>> > To view this discussion on the web visit
>> >
>> https://groups.google.com/d/msgid/ossec-list/CABX9L-gdpq-JthSt-XW0V1bv49kwAVdXvB43s6rD%3D-WFm2-XRQ%40mail.gmail.com
>> > <
>> https://groups.google.com/d/msgid/ossec-list/CABX9L-gdpq-JthSt-XW0V1bv49kwAVdXvB43s6rD%3D-WFm2-XRQ%40mail.gmail.com?utm_medium=email_source=footer
>> >.
>>
>> --
>>
>> GPG 

Re: [ossec-list] Unable to install OSSEC Agent

[Andy]

This fixed it, thanks!
What is the different b/w openssl and the devel option? 

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ossec-list/e2d2a55c-71de-4bf4-8af5-9da67b7afe1a%40googlegroups.com.

Re: [ossec-list] Unable to install OSSEC Agent

[Andy]

This fixed it, thanks!
What is the different b/w openssl and the devel option? 

On Tuesday, April 21, 2020 at 11:15:24 AM UTC-4, dan (ddpbsd) wrote:
>
> Openssl or openssl-devel?
>
> On Tue, Apr 21, 2020 at 10:29 AM Luke Boguslaw  > wrote:
>
>> I also had to install zlib-devel.
>> But now I get this error:
>> [image: image.png]
>> So I install openssl, but it says it is already installed... 
>>
>> On Tue, Apr 21, 2020 at 9:37 AM dan (ddp) > 
>> wrote:
>>
>>> The installation documentation has a list of pre requisite packages that 
>>> should be installed. In this case it’s libevet-devel
>>>
>>> On Tue, Apr 21, 2020 at 7:49 AM Luke Boguslaw >> > wrote:
>>>
 I did a make clean, then ran install with PCRE2_SYSTEM=yes, but am 
 getting this error now:
 [image: image.png]

 On Mon, Apr 20, 2020 at 10:34 PM David Williams >>> > wrote:

> Andy,
> How about this:
> yum info pcre2-devel
> Note the "2:" pcre2-devel
> -David
>
>
> On 4/20/20 7:43 PM, Luke Boguslaw wrote:
> > It is telling me that pcre-utf does not exist, and pcre-devel is 
> already
> > installed. 
> > 
> > On Mon, Apr 20, 2020 at 5:30 PM David Williams  
> > > wrote:
> > 
> > Andy,
> > I believe there are seperate pcre2 packages. I have these
> > installed:
> > 
> > pcre-8.32-17.el7.x86_64
> > pcre2-utf16-10.23-2.el7.x86_64
> > pcre2-10.23-2.el7.x86_64
> > pcre2-devel-10.23-2.el7.x86_64
> > pcre-8.32-17.el7.i686
> > pcre2-utf32-10.23-2.el7.x86_64
> > 
> > 
> > -David
> > 
> > On 4/20/20 2:09 PM, Andy wrote:
> > > I am unable to install the ossec agent on a centos 7 server.  I
> > get this
> > > error:
> > > |
> > > In file included from ./headers/shared.h:215:0,
> > >  from client-agent/sendmsg.c:10:
> > > ./os_regex/os_regex.h:19:19: fatal error: pcre2.h: No such 
> file or
> > directory
> > >  #include 
> > > |
> > >
> > > After installing pcre-devel, it still fails with this error. 
> > >
> > > --
> > >
> > > ---
> > > You received this message because you are subscribed to the 
> Google
> > > Groups "ossec-list" group.
> > > To unsubscribe from this group and stop receiving emails from 
> it, send
> > > an email to ossec...@googlegroups.com 
> > 
> > >  >  >>.
> > > To view this discussion on the web visit
> > >
> > 
> https://groups.google.com/d/msgid/ossec-list/87a1b5ac-5b1d-476c-bda7-1c1dfc8cdae3%40googlegroups.com
> > >
> > <
> https://groups.google.com/d/msgid/ossec-list/87a1b5ac-5b1d-476c-bda7-1c1dfc8cdae3%40googlegroups.com?utm_medium=email_source=footer
> >.
> > 
> > -- 
> > 
> > GPG (http://www.gnupg.org/) key available from:
> > http://www.kayakero.net/per/david/
> > 
> > -- 
> > 
> > ---
> > You received this message because you are subscribed to the 
> Google
> > Groups "ossec-list" group.
> > To unsubscribe from this group and stop receiving emails from it,
> > send an email to ossec...@googlegroups.com 
> >  >.
> > To view this discussion on the web visit
> > 
> https://groups.google.com/d/msgid/ossec-list/cab8fad4-032e-f5ba-4390-e3285aa8bf9e%40kayakero.net
> .
> > 
> > -- 
> > 
> > ---
> > You received this message because you are subscribed to the Google
> > Groups "ossec-list" group.
> > To unsubscribe from this group and stop receiving emails from it, 
> send
> > an email to ossec...@googlegroups.com 
> > .
> > To view this discussion on the web visit
> > 
> https://groups.google.com/d/msgid/ossec-list/CABX9L-gdpq-JthSt-XW0V1bv49kwAVdXvB43s6rD%3D-WFm2-XRQ%40mail.gmail.com
> > <
> https://groups.google.com/d/msgid/ossec-list/CABX9L-gdpq-JthSt-XW0V1bv49kwAVdXvB43s6rD%3D-WFm2-XRQ%40mail.gmail.com?utm_medium=email_source=footer
> >.
>
> -- 
>
> GPG (http://www.gnupg.org/) key available from:
> http://www.kayakero.net/per/david/
>
> -- 
>
> --- 
> You received this message because you are subscribed to the Google 
> Groups "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send 
> an email to ossec...@googlegroups.com .
> To view this discussion on the web visit 
> 

Re: [ossec-list] Unable to install OSSEC Agent

[dan (ddp)]

Openssl or openssl-devel?

On Tue, Apr 21, 2020 at 10:29 AM Luke Boguslaw 
wrote:

> I also had to install zlib-devel.
> But now I get this error:
> [image: image.png]
> So I install openssl, but it says it is already installed...
>
> On Tue, Apr 21, 2020 at 9:37 AM dan (ddp)  wrote:
>
>> The installation documentation has a list of pre requisite packages that
>> should be installed. In this case it’s libevet-devel
>>
>> On Tue, Apr 21, 2020 at 7:49 AM Luke Boguslaw 
>> wrote:
>>
>>> I did a make clean, then ran install with PCRE2_SYSTEM=yes, but am
>>> getting this error now:
>>> [image: image.png]
>>>
>>> On Mon, Apr 20, 2020 at 10:34 PM David Williams 
>>> wrote:
>>>
 Andy,
 How about this:
 yum info pcre2-devel
 Note the "2:" pcre2-devel
 -David


 On 4/20/20 7:43 PM, Luke Boguslaw wrote:
 > It is telling me that pcre-utf does not exist, and pcre-devel is
 already
 > installed.
 >
 > On Mon, Apr 20, 2020 at 5:30 PM David Williams >>> > > wrote:
 >
 > Andy,
 > I believe there are seperate pcre2 packages. I have these
 > installed:
 >
 > pcre-8.32-17.el7.x86_64
 > pcre2-utf16-10.23-2.el7.x86_64
 > pcre2-10.23-2.el7.x86_64
 > pcre2-devel-10.23-2.el7.x86_64
 > pcre-8.32-17.el7.i686
 > pcre2-utf32-10.23-2.el7.x86_64
 >
 >
 > -David
 >
 > On 4/20/20 2:09 PM, Andy wrote:
 > > I am unable to install the ossec agent on a centos 7 server.  I
 > get this
 > > error:
 > > |
 > > In file included from ./headers/shared.h:215:0,
 > >  from client-agent/sendmsg.c:10:
 > > ./os_regex/os_regex.h:19:19: fatal error: pcre2.h: No such file
 or
 > directory
 > >  #include 
 > > |
 > >
 > > After installing pcre-devel, it still fails with this error.
 > >
 > > --
 > >
 > > ---
 > > You received this message because you are subscribed to the
 Google
 > > Groups "ossec-list" group.
 > > To unsubscribe from this group and stop receiving emails from
 it, send
 > > an email to ossec-list+unsubscr...@googlegroups.com
 > 
 > >  >.
 > > To view this discussion on the web visit
 > >
 >
 https://groups.google.com/d/msgid/ossec-list/87a1b5ac-5b1d-476c-bda7-1c1dfc8cdae3%40googlegroups.com
 > >
 > <
 https://groups.google.com/d/msgid/ossec-list/87a1b5ac-5b1d-476c-bda7-1c1dfc8cdae3%40googlegroups.com?utm_medium=email_source=footer
 >.
 >
 > --
 >
 > GPG (http://www.gnupg.org/) key available from:
 > http://www.kayakero.net/per/david/
 >
 > --
 >
 > ---
 > You received this message because you are subscribed to the Google
 > Groups "ossec-list" group.
 > To unsubscribe from this group and stop receiving emails from it,
 > send an email to ossec-list+unsubscr...@googlegroups.com
 > .
 > To view this discussion on the web visit
 >
 https://groups.google.com/d/msgid/ossec-list/cab8fad4-032e-f5ba-4390-e3285aa8bf9e%40kayakero.net
 .
 >
 > --
 >
 > ---
 > You received this message because you are subscribed to the Google
 > Groups "ossec-list" group.
 > To unsubscribe from this group and stop receiving emails from it, send
 > an email to ossec-list+unsubscr...@googlegroups.com
 > .
 > To view this discussion on the web visit
 >
 https://groups.google.com/d/msgid/ossec-list/CABX9L-gdpq-JthSt-XW0V1bv49kwAVdXvB43s6rD%3D-WFm2-XRQ%40mail.gmail.com
 > <
 https://groups.google.com/d/msgid/ossec-list/CABX9L-gdpq-JthSt-XW0V1bv49kwAVdXvB43s6rD%3D-WFm2-XRQ%40mail.gmail.com?utm_medium=email_source=footer
 >.

 --

 GPG (http://www.gnupg.org/) key available from:
 http://www.kayakero.net/per/david/

 --

 ---
 You received this message because you are subscribed to the Google
 Groups "ossec-list" group.
 To unsubscribe from this group and stop receiving emails from it, send
 an email to ossec-list+unsubscr...@googlegroups.com.
 To view this discussion on the web visit
 https://groups.google.com/d/msgid/ossec-list/19948dfd-4a75-ebc9-e7d7-44e5265fb86c%40kayakero.net
 .

>>> --
>>>
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "ossec-list" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to 

Re: [ossec-list] Unable to install OSSEC Agent

[Luke Boguslaw]

I also had to install zlib-devel.
But now I get this error:
[image: image.png]
So I install openssl, but it says it is already installed...

On Tue, Apr 21, 2020 at 9:37 AM dan (ddp)  wrote:

> The installation documentation has a list of pre requisite packages that
> should be installed. In this case it’s libevet-devel
>
> On Tue, Apr 21, 2020 at 7:49 AM Luke Boguslaw 
> wrote:
>
>> I did a make clean, then ran install with PCRE2_SYSTEM=yes, but am
>> getting this error now:
>> [image: image.png]
>>
>> On Mon, Apr 20, 2020 at 10:34 PM David Williams 
>> wrote:
>>
>>> Andy,
>>> How about this:
>>> yum info pcre2-devel
>>> Note the "2:" pcre2-devel
>>> -David
>>>
>>>
>>> On 4/20/20 7:43 PM, Luke Boguslaw wrote:
>>> > It is telling me that pcre-utf does not exist, and pcre-devel is
>>> already
>>> > installed.
>>> >
>>> > On Mon, Apr 20, 2020 at 5:30 PM David Williams >> > > wrote:
>>> >
>>> > Andy,
>>> > I believe there are seperate pcre2 packages. I have these
>>> > installed:
>>> >
>>> > pcre-8.32-17.el7.x86_64
>>> > pcre2-utf16-10.23-2.el7.x86_64
>>> > pcre2-10.23-2.el7.x86_64
>>> > pcre2-devel-10.23-2.el7.x86_64
>>> > pcre-8.32-17.el7.i686
>>> > pcre2-utf32-10.23-2.el7.x86_64
>>> >
>>> >
>>> > -David
>>> >
>>> > On 4/20/20 2:09 PM, Andy wrote:
>>> > > I am unable to install the ossec agent on a centos 7 server.  I
>>> > get this
>>> > > error:
>>> > > |
>>> > > In file included from ./headers/shared.h:215:0,
>>> > >  from client-agent/sendmsg.c:10:
>>> > > ./os_regex/os_regex.h:19:19: fatal error: pcre2.h: No such file
>>> or
>>> > directory
>>> > >  #include 
>>> > > |
>>> > >
>>> > > After installing pcre-devel, it still fails with this error.
>>> > >
>>> > > --
>>> > >
>>> > > ---
>>> > > You received this message because you are subscribed to the
>>> Google
>>> > > Groups "ossec-list" group.
>>> > > To unsubscribe from this group and stop receiving emails from
>>> it, send
>>> > > an email to ossec-list+unsubscr...@googlegroups.com
>>> > 
>>> > > >> > >.
>>> > > To view this discussion on the web visit
>>> > >
>>> >
>>> https://groups.google.com/d/msgid/ossec-list/87a1b5ac-5b1d-476c-bda7-1c1dfc8cdae3%40googlegroups.com
>>> > >
>>> > <
>>> https://groups.google.com/d/msgid/ossec-list/87a1b5ac-5b1d-476c-bda7-1c1dfc8cdae3%40googlegroups.com?utm_medium=email_source=footer
>>> >.
>>> >
>>> > --
>>> >
>>> > GPG (http://www.gnupg.org/) key available from:
>>> > http://www.kayakero.net/per/david/
>>> >
>>> > --
>>> >
>>> > ---
>>> > You received this message because you are subscribed to the Google
>>> > Groups "ossec-list" group.
>>> > To unsubscribe from this group and stop receiving emails from it,
>>> > send an email to ossec-list+unsubscr...@googlegroups.com
>>> > .
>>> > To view this discussion on the web visit
>>> >
>>> https://groups.google.com/d/msgid/ossec-list/cab8fad4-032e-f5ba-4390-e3285aa8bf9e%40kayakero.net
>>> .
>>> >
>>> > --
>>> >
>>> > ---
>>> > You received this message because you are subscribed to the Google
>>> > Groups "ossec-list" group.
>>> > To unsubscribe from this group and stop receiving emails from it, send
>>> > an email to ossec-list+unsubscr...@googlegroups.com
>>> > .
>>> > To view this discussion on the web visit
>>> >
>>> https://groups.google.com/d/msgid/ossec-list/CABX9L-gdpq-JthSt-XW0V1bv49kwAVdXvB43s6rD%3D-WFm2-XRQ%40mail.gmail.com
>>> > <
>>> https://groups.google.com/d/msgid/ossec-list/CABX9L-gdpq-JthSt-XW0V1bv49kwAVdXvB43s6rD%3D-WFm2-XRQ%40mail.gmail.com?utm_medium=email_source=footer
>>> >.
>>>
>>> --
>>>
>>> GPG (http://www.gnupg.org/) key available from:
>>> http://www.kayakero.net/per/david/
>>>
>>> --
>>>
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "ossec-list" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to ossec-list+unsubscr...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ossec-list/19948dfd-4a75-ebc9-e7d7-44e5265fb86c%40kayakero.net
>>> .
>>>
>> --
>>
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ossec-list+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ossec-list/CABX9L-j9DBPBWJ_w95NWNZKapRqW21942rBipNeqBAzhR3qnCw%40mail.gmail.com
>> 

Re: [ossec-list] Unable to install OSSEC Agent

[dan (ddp)]

The installation documentation has a list of pre requisite packages that
should be installed. In this case it’s libevet-devel

On Tue, Apr 21, 2020 at 7:49 AM Luke Boguslaw  wrote:

> I did a make clean, then ran install with PCRE2_SYSTEM=yes, but am getting
> this error now:
> [image: image.png]
>
> On Mon, Apr 20, 2020 at 10:34 PM David Williams 
> wrote:
>
>> Andy,
>> How about this:
>> yum info pcre2-devel
>> Note the "2:" pcre2-devel
>> -David
>>
>>
>> On 4/20/20 7:43 PM, Luke Boguslaw wrote:
>> > It is telling me that pcre-utf does not exist, and pcre-devel is already
>> > installed.
>> >
>> > On Mon, Apr 20, 2020 at 5:30 PM David Williams > > > wrote:
>> >
>> > Andy,
>> > I believe there are seperate pcre2 packages. I have these
>> > installed:
>> >
>> > pcre-8.32-17.el7.x86_64
>> > pcre2-utf16-10.23-2.el7.x86_64
>> > pcre2-10.23-2.el7.x86_64
>> > pcre2-devel-10.23-2.el7.x86_64
>> > pcre-8.32-17.el7.i686
>> > pcre2-utf32-10.23-2.el7.x86_64
>> >
>> >
>> > -David
>> >
>> > On 4/20/20 2:09 PM, Andy wrote:
>> > > I am unable to install the ossec agent on a centos 7 server.  I
>> > get this
>> > > error:
>> > > |
>> > > In file included from ./headers/shared.h:215:0,
>> > >  from client-agent/sendmsg.c:10:
>> > > ./os_regex/os_regex.h:19:19: fatal error: pcre2.h: No such file or
>> > directory
>> > >  #include 
>> > > |
>> > >
>> > > After installing pcre-devel, it still fails with this error.
>> > >
>> > > --
>> > >
>> > > ---
>> > > You received this message because you are subscribed to the Google
>> > > Groups "ossec-list" group.
>> > > To unsubscribe from this group and stop receiving emails from it,
>> send
>> > > an email to ossec-list+unsubscr...@googlegroups.com
>> > 
>> > > > > >.
>> > > To view this discussion on the web visit
>> > >
>> >
>> https://groups.google.com/d/msgid/ossec-list/87a1b5ac-5b1d-476c-bda7-1c1dfc8cdae3%40googlegroups.com
>> > >
>> > <
>> https://groups.google.com/d/msgid/ossec-list/87a1b5ac-5b1d-476c-bda7-1c1dfc8cdae3%40googlegroups.com?utm_medium=email_source=footer
>> >.
>> >
>> > --
>> >
>> > GPG (http://www.gnupg.org/) key available from:
>> > http://www.kayakero.net/per/david/
>> >
>> > --
>> >
>> > ---
>> > You received this message because you are subscribed to the Google
>> > Groups "ossec-list" group.
>> > To unsubscribe from this group and stop receiving emails from it,
>> > send an email to ossec-list+unsubscr...@googlegroups.com
>> > .
>> > To view this discussion on the web visit
>> >
>> https://groups.google.com/d/msgid/ossec-list/cab8fad4-032e-f5ba-4390-e3285aa8bf9e%40kayakero.net
>> .
>> >
>> > --
>> >
>> > ---
>> > You received this message because you are subscribed to the Google
>> > Groups "ossec-list" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> > an email to ossec-list+unsubscr...@googlegroups.com
>> > .
>> > To view this discussion on the web visit
>> >
>> https://groups.google.com/d/msgid/ossec-list/CABX9L-gdpq-JthSt-XW0V1bv49kwAVdXvB43s6rD%3D-WFm2-XRQ%40mail.gmail.com
>> > <
>> https://groups.google.com/d/msgid/ossec-list/CABX9L-gdpq-JthSt-XW0V1bv49kwAVdXvB43s6rD%3D-WFm2-XRQ%40mail.gmail.com?utm_medium=email_source=footer
>> >.
>>
>> --
>>
>> GPG (http://www.gnupg.org/) key available from:
>> http://www.kayakero.net/per/david/
>>
>> --
>>
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ossec-list+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ossec-list/19948dfd-4a75-ebc9-e7d7-44e5265fb86c%40kayakero.net
>> .
>>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ossec-list/CABX9L-j9DBPBWJ_w95NWNZKapRqW21942rBipNeqBAzhR3qnCw%40mail.gmail.com
> 
> .
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.

Re: [ossec-list] Unable to install OSSEC Agent

[Luke Boguslaw]

I did a make clean, then ran install with PCRE2_SYSTEM=yes, but am getting
this error now:
[image: image.png]

On Mon, Apr 20, 2020 at 10:34 PM David Williams 
wrote:

> Andy,
> How about this:
> yum info pcre2-devel
> Note the "2:" pcre2-devel
> -David
>
>
> On 4/20/20 7:43 PM, Luke Boguslaw wrote:
> > It is telling me that pcre-utf does not exist, and pcre-devel is already
> > installed.
> >
> > On Mon, Apr 20, 2020 at 5:30 PM David Williams  > > wrote:
> >
> > Andy,
> > I believe there are seperate pcre2 packages. I have these
> > installed:
> >
> > pcre-8.32-17.el7.x86_64
> > pcre2-utf16-10.23-2.el7.x86_64
> > pcre2-10.23-2.el7.x86_64
> > pcre2-devel-10.23-2.el7.x86_64
> > pcre-8.32-17.el7.i686
> > pcre2-utf32-10.23-2.el7.x86_64
> >
> >
> > -David
> >
> > On 4/20/20 2:09 PM, Andy wrote:
> > > I am unable to install the ossec agent on a centos 7 server.  I
> > get this
> > > error:
> > > |
> > > In file included from ./headers/shared.h:215:0,
> > >  from client-agent/sendmsg.c:10:
> > > ./os_regex/os_regex.h:19:19: fatal error: pcre2.h: No such file or
> > directory
> > >  #include 
> > > |
> > >
> > > After installing pcre-devel, it still fails with this error.
> > >
> > > --
> > >
> > > ---
> > > You received this message because you are subscribed to the Google
> > > Groups "ossec-list" group.
> > > To unsubscribe from this group and stop receiving emails from it,
> send
> > > an email to ossec-list+unsubscr...@googlegroups.com
> > 
> > >  > >.
> > > To view this discussion on the web visit
> > >
> >
> https://groups.google.com/d/msgid/ossec-list/87a1b5ac-5b1d-476c-bda7-1c1dfc8cdae3%40googlegroups.com
> > >
> > <
> https://groups.google.com/d/msgid/ossec-list/87a1b5ac-5b1d-476c-bda7-1c1dfc8cdae3%40googlegroups.com?utm_medium=email_source=footer
> >.
> >
> > --
> >
> > GPG (http://www.gnupg.org/) key available from:
> > http://www.kayakero.net/per/david/
> >
> > --
> >
> > ---
> > You received this message because you are subscribed to the Google
> > Groups "ossec-list" group.
> > To unsubscribe from this group and stop receiving emails from it,
> > send an email to ossec-list+unsubscr...@googlegroups.com
> > .
> > To view this discussion on the web visit
> >
> https://groups.google.com/d/msgid/ossec-list/cab8fad4-032e-f5ba-4390-e3285aa8bf9e%40kayakero.net
> .
> >
> > --
> >
> > ---
> > You received this message because you are subscribed to the Google
> > Groups "ossec-list" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> > an email to ossec-list+unsubscr...@googlegroups.com
> > .
> > To view this discussion on the web visit
> >
> https://groups.google.com/d/msgid/ossec-list/CABX9L-gdpq-JthSt-XW0V1bv49kwAVdXvB43s6rD%3D-WFm2-XRQ%40mail.gmail.com
> > <
> https://groups.google.com/d/msgid/ossec-list/CABX9L-gdpq-JthSt-XW0V1bv49kwAVdXvB43s6rD%3D-WFm2-XRQ%40mail.gmail.com?utm_medium=email_source=footer
> >.
>
> --
>
> GPG (http://www.gnupg.org/) key available from:
> http://www.kayakero.net/per/david/
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ossec-list/19948dfd-4a75-ebc9-e7d7-44e5265fb86c%40kayakero.net
> .
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ossec-list/CABX9L-j9DBPBWJ_w95NWNZKapRqW21942rBipNeqBAzhR3qnCw%40mail.gmail.com.

Re: [ossec-list] Regarding automatically old log deleting.

[dan (ddp)]

On Sun, Apr 12, 2020 at 11:22 PM Problem Store  wrote:
>
> Dear Team,
>
> I have one question, the example I have 1GB storage in OSSEC, when storage 
> will be full then automatically deleted from the beginning log( old log). 
> It's possible if possible how? Please share your idea.
>

Use cron to cleanup old logs.

> Thank's
> OSU
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups 
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ossec-list+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ossec-list/8594d8fb-aad7-41e1-a346-80de7d600064%40googlegroups.com.

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ossec-list/CAMyQvMpCKrs6w_yRk0qi9aJmoYnqvvxRZ4sfUTJU4uZx931Sdw%40mail.gmail.com.

Re: [ossec-list] Query on rule for Supported languages

[dan (ddp)]

On Mon, Apr 20, 2020 at 5:30 PM sumit soni  wrote:
>
> Hi ,
> I have systems with different languages and wondering if  I create a rule to 
> match English logs  can that rule also work for logs from other language OS 
> or not .
> For .e.g if create a rule whc=ich mach with following string  3 incorrect 
> password attempts  and apply this rule on a System With Japanese language  
> would it work  and OSSEC would able to translate match string from one 
> language to other ??
> Or do i have to create new rule for specific language characters to match
>

OSSEC looks at the characters and strings it is passed. OSSEC doesn't
translate the message between languages, I think you'd need to match
the strings in each language you want to support.

> Regards
> Sumit
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups 
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ossec-list+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ossec-list/67b4a34a-a1a3-485c-8140-087b9042bab1%40googlegroups.com.

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ossec-list/CAMyQvMpgso0TDcMB%3Dz_ciQNpJva5ytAq7f7naZS%2BLpDUdtpwDQ%40mail.gmail.com.

Re: [ossec-list] Re: Unable to install OSSEC Agent

[dan (ddp)]

This does not look related to this thread. Reply in-line.

On Tue, Apr 21, 2020 at 6:36 AM Mohit Gupta  wrote:
>
> Hi Team,
>
> Good Morning/Afternoon/Evening.
>
> I was trying to install ossec agent on one of my machine but getting below 
> error on control start up.
>
> -
> 2020/04/21 07:31:49 ossec-syscheckd(1210): ERROR: Queue 
> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> 2020/04/21 07:31:49 rootcheck(1210): ERROR: Queue 
> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> 2020/04/21 07:31:57 ossec-syscheckd(1210): ERROR: Queue 
> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> 2020/04/21 07:31:57 rootcheck(1210): ERROR: Queue 
> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> 2020/04/21 07:32:10 ossec-syscheckd(1210): ERROR: Queue 
> '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
> 2020/04/21 07:32:10 rootcheck(1211): ERROR: Unable to access queue: 
> '/var/ossec/queue/ossec/queue'. Giving up..
> ossec-syscheckd did not start
> -
>

These messages are from the agent machine?
Are there any error messages in the ossec.log file on the agent before
these messages?

> Where we have added Agent at server side and extracted key to add agent.
>
> kindly assist here for same.
>
> Note - We have kernel difference b/w server and client.
>
> Server has below version :
>
> Linux  3.10.0-693.5.2.el7.x86_64 #1 SMP Fri Oct 13 10:46:25 
> EDT 2017 x86_64 x86_64 x86_64 GNU/Linux
>
>
> Client has below version :
>
> Linux  3.10.0-862.11.6.el7.x86_64 #1 SMP Fri Aug 10 16:55:11 
> UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
>
>
> On Monday, April 20, 2020 at 11:42:18 PM UTC+5:30, Andy wrote:
>>
>> I am unable to install the ossec agent on a centos 7 server.  I get this 
>> error:
>> In file included from ./headers/shared.h:215:0,
>>  from client-agent/sendmsg.c:10:
>> ./os_regex/os_regex.h:19:19: fatal error: pcre2.h: No such file or directory
>>  #include 
>>
>> After installing pcre-devel, it still fails with this error.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups 
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ossec-list+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ossec-list/5a80eca6-0374-45a5-b4ad-27102c92b59d%40googlegroups.com.

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ossec-list/CAMyQvMpOW2fERWmTtGGvBquyJcYPrQtU_vxSimABmCDJ-eFynw%40mail.gmail.com.

Re: [ossec-list] Unable to install OSSEC Agent

[dan (ddp)]

On Mon, Apr 20, 2020 at 10:34 PM David Williams  wrote:
>
> Andy,
> How about this:
> yum info pcre2-devel
> Note the "2:" pcre2-devel
> -David
>

This should be the answer right here. Use pcre2, not pcre.

>
> On 4/20/20 7:43 PM, Luke Boguslaw wrote:
> > It is telling me that pcre-utf does not exist, and pcre-devel is already
> > installed.
> >
> > On Mon, Apr 20, 2020 at 5:30 PM David Williams  > > wrote:
> >
> > Andy,
> > I believe there are seperate pcre2 packages. I have these
> > installed:
> >
> > pcre-8.32-17.el7.x86_64
> > pcre2-utf16-10.23-2.el7.x86_64
> > pcre2-10.23-2.el7.x86_64
> > pcre2-devel-10.23-2.el7.x86_64
> > pcre-8.32-17.el7.i686
> > pcre2-utf32-10.23-2.el7.x86_64
> >
> >
> > -David
> >
> > On 4/20/20 2:09 PM, Andy wrote:
> > > I am unable to install the ossec agent on a centos 7 server.  I
> > get this
> > > error:
> > > |
> > > In file included from ./headers/shared.h:215:0,
> > >  from client-agent/sendmsg.c:10:
> > > ./os_regex/os_regex.h:19:19: fatal error: pcre2.h: No such file or
> > directory
> > >  #include 
> > > |
> > >
> > > After installing pcre-devel, it still fails with this error.
> > >
> > > --
> > >
> > > ---
> > > You received this message because you are subscribed to the Google
> > > Groups "ossec-list" group.
> > > To unsubscribe from this group and stop receiving emails from it, send
> > > an email to ossec-list+unsubscr...@googlegroups.com
> > 
> > >  > >.
> > > To view this discussion on the web visit
> > >
> > 
> > https://groups.google.com/d/msgid/ossec-list/87a1b5ac-5b1d-476c-bda7-1c1dfc8cdae3%40googlegroups.com
> > >
> > 
> > .
> >
> > --
> >
> > GPG (http://www.gnupg.org/) key available from:
> > http://www.kayakero.net/per/david/
> >
> > --
> >
> > ---
> > You received this message because you are subscribed to the Google
> > Groups "ossec-list" group.
> > To unsubscribe from this group and stop receiving emails from it,
> > send an email to ossec-list+unsubscr...@googlegroups.com
> > .
> > To view this discussion on the web visit
> > 
> > https://groups.google.com/d/msgid/ossec-list/cab8fad4-032e-f5ba-4390-e3285aa8bf9e%40kayakero.net.
> >
> > --
> >
> > ---
> > You received this message because you are subscribed to the Google
> > Groups "ossec-list" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> > an email to ossec-list+unsubscr...@googlegroups.com
> > .
> > To view this discussion on the web visit
> > https://groups.google.com/d/msgid/ossec-list/CABX9L-gdpq-JthSt-XW0V1bv49kwAVdXvB43s6rD%3D-WFm2-XRQ%40mail.gmail.com
> > .
>
> --
>
> GPG (http://www.gnupg.org/) key available from:
> http://www.kayakero.net/per/david/
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups 
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ossec-list+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ossec-list/19948dfd-4a75-ebc9-e7d7-44e5265fb86c%40kayakero.net.

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ossec-list/CAMyQvMotRqrxTOZr_k5FJv5UgeVg%3Di58b39T3LzQ%3DSe2aaYqPQ%40mail.gmail.com.

[ossec-list] Re: Unable to install OSSEC Agent

[Mohit Gupta]

Hi Team,

Good Morning/Afternoon/Evening.

I was trying to install ossec agent on one of my machine but getting below 
error on control start up.

-
2020/04/21 07:31:49 ossec-syscheckd(1210): ERROR: Queue 
'/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
2020/04/21 07:31:49 rootcheck(1210): ERROR: Queue 
'/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
2020/04/21 07:31:57 ossec-syscheckd(1210): ERROR: Queue 
'/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
2020/04/21 07:31:57 rootcheck(1210): ERROR: Queue 
'/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
2020/04/21 07:32:10 ossec-syscheckd(1210): ERROR: Queue 
'/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'.
2020/04/21 07:32:10 rootcheck(1211): ERROR: Unable to access queue: 
'/var/ossec/queue/ossec/queue'. Giving up..
ossec-syscheckd did not start
-

Where we have added Agent at server side and extracted key to add agent.

kindly assist here for same.

Note - We have kernel difference b/w server and client.

Server has below version :

Linux  3.10.0-693.5.2.el7.x86_64 #1 SMP Fri Oct 13 
10:46:25 EDT 2017 x86_64 x86_64 x86_64 GNU/Linux


Client has below version :

Linux  3.10.0-862.11.6.el7.x86_64 #1 SMP Fri Aug 10 
16:55:11 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux


On Monday, April 20, 2020 at 11:42:18 PM UTC+5:30, Andy wrote:
>
> I am unable to install the ossec agent on a centos 7 server.  I get this 
> error:
> In file included from ./headers/shared.h:215:0,
>  from client-agent/sendmsg.c:10:
> ./os_regex/os_regex.h:19:19: fatal error: pcre2.h: No such file or 
> directory
>  #include 
>
> After installing pcre-devel, it still fails with this error. 
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ossec-list/5a80eca6-0374-45a5-b4ad-27102c92b59d%40googlegroups.com.