SETMAXAGENTS still set to default after recompiling and installing

[temp.em...@gmail.com]

I noticed that I am able to successfully compile the source (with the target specified), and it reports that the new SETMAXAGENTS value is correct. However, when I run the installer, it reports the default number for SETMAXAGENTS (2048). As far I understand, I should just be able to recompile and either use a fresh install, or run the installer again to update. Is that correct? https://ossec-docs.readthedocs.io/en/latest/faq/ossec.html

Additional question, does the MAXAGENTS need to be set on both the Server AND the Agent installations?

[dan (ddp)]

On Feb 14, 2018 2:26 PM, <temp.em...@gmail.com> wrote:

I noticed that I am able to successfully compile the source (with the target specified), and it reports that the new SETMAXAGENTS value is correct. However, when I run the installer, it reports the default number for SETMAXAGENTS (2048). As far I understand, I should just be able to recompile and either use a fresh install, or run the installer again to update. Is that correct? https://ossec-docs.readthedocs.io/en/latest/faq/ossec.html

Which version of ossec are you using? I'll have to look into how each version changes that, I can't remember the differences off hand.

Additional question, does the MAXAGENTS need to be set on both the Server AND the Agent installations?

Server only.

--

---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[temp.em...@gmail.com]

The latest: 2.9.3. Is this too new? I've noticed discrepancies between tis version and some of the docs. Is there a specific version number that is 'easiest to use'?

Also, there are additional instructions at http://ossec-docs.readthedocs.io/en/latest/manual/installation/installation-binary.html and in the INSTALL file in the root directory it has addition instructions (presumable last updated for 2.9.2) for a binary installation under 'By Hand Installation', but I have not done any of those things. Just make TARGET=server SETMAXAGENTS=n.

[dan (ddp)]

On Wed, Feb 14, 2018 at 3:09 PM, <temp.em...@gmail.com> wrote:
> The latest: 2.9.3. Is this too new? I've noticed discrepancies between tis
> version and some of the docs. Is there a specific version number that is
> 'easiest to use'?
>
> Also, there are additional instructions at
> http://ossec-docs.readthedocs.io/en/latest/manual/installation/installation-binary.html

More current (although still out of date) documentation is at
https://ossec.github.io.
Read the docs has been problematic, and I haven't really tried to
figure out why it fails.

> and in the INSTALL file in the root directory it has addition instructions
> (presumable last updated for 2.9.2) for a binary installation under 'By Hand
> Installation', but I have not done any of those things. Just make
> TARGET=server SETMAXAGENTS=n.
>

So if I understand correctly, you did `make TARGET=server
SETMAXAGENTS=9999` then
when that was done you ran `install.sh`?
I don't think that'll work the way you want it to. When I want to set
some of the options during `install.sh`
I usually use something like:
# env SETMAXAGENTS=9999 USE_ZEROMQ=y ./install.sh

This passes the environment variables to the script for me, to make
sure the right options are being used.

>
> On Wednesday, February 14, 2018 at 11:26:50 AM UTC-8, temp.em...@gmail.com
> wrote:
>>
>> I noticed that I am able to successfully compile the source (with the
>> target specified), and it reports that the new SETMAXAGENTS value is
>> correct. However, when I run the installer, it reports the default number
>> for SETMAXAGENTS (2048). As far I understand, I should just be able to
>> recompile and either use a fresh install, or run the installer again to
>> update. Is that correct?
>> https://ossec-docs.readthedocs.io/en/latest/faq/ossec.html
>>
>> Additional question, does the MAXAGENTS need to be set on both the Server
>> AND the Agent installations?
>

> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an

> email to ossec-list+...@googlegroups.com.

[temp.em...@gmail.com]

Thank you for your reply! I appreciate the help. Using exactly what you posted while inside the ossec-hids-A.B.C directory: "sudo env SETMAXAGENTS=9999 USE_ZEROMQ=y ./install", it installs but the output still reports the default. Could this be incorrect? Is there another way to verify the max agents?

I don't understand why there is no make in your instruction, but it seems that the installer is doing its own make and probably overriding the one I manually build right before using it (the installer). Here is some output from the beginning go the install script:

cd external/lua/ && make posix

make[1]: Entering directory '/home/username/ossec-hids-2.9.3/src/external/lua-5.2.3'

cd src && make posix

make[2]: Entering directory '/home/username/ossec-hids-2.9.3/src/external/lua-5.2.3/src'

make all SYSCFLAGS="-DLUA_USE_POSIX"

make[3]: Entering directory '/home/username/ossec-hids-2.9.3/src/external/lua-5.2.3/src'

make[3]: Nothing to be done for 'all'.

make[3]: Leaving directory '/home/username/ossec-hids-2.9.3/src/external/lua-5.2.3/src'

make[2]: Leaving directory '/home/username/ossec-hids-2.9.3/src/external/lua-5.2.3/src'

make[1]: Leaving directory '/home/username/ossec-hids-2.9.3/src/external/lua-5.2.3'

make settings

make[1]: Entering directory '/home/username/ossec-hids-2.9.3/src'

General settings:

    TARGET:           server

    V:                

    DEBUG:            

    DEBUGAD           

    PREFIX:           /var/ossec

    MAXAGENTS:        2048

    DATABASE:         

    ONEWAY:           no

    CLEANFULL:        no

    ...

[dan (ddp)]

On Feb 15, 2018 3:09 PM, <temp.em...@gmail.com> wrote:

Thank you for your reply! I appreciate the help. Using exactly what you posted while inside the ossec-hids-A.B.C directory: "sudo env SETMAXAGENTS=9999 USE_ZEROMQ=y ./install", it installs but the output still reports the default. Could this be incorrect? Is there another way to verify the max agents?

I don't know off hand. I'll try looking into it though. It's not a setting I've ever had to change.

I don't understand why there is no make in your instruction, but it seems that the installer is doing its own make and probably overriding the one I manually build right before using it (the installer). Here is some output from the beginning go the install script:

Install.sh runs make itself. Therr is a binary install method, but I don't remember it offhand

To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscribe@googlegroups.com.

[temp.em...@gmail.com]

Thanks again. Not sure then how I am supposed to install the recompiled code if install.sh is going to overwrite it. This doesn't make any sense :(. I don't see any other issues like this posted. As I mentioned earlier, the instructions in ossec-hids-A.B.C/INSTALL are not the same as all the other instructions listed elsewhere (and are a bit more confusing if it is supposed to be as easy as the other users have reported). I want to make sure, the BINARY_INSTALL option in the installation answer file needs to be set to 'yes'?... no other posts mention this specifically.

[dan (ddp)]

On Feb 15, 2018 5:26 PM, <temp.em...@gmail.com> wrote:

Thanks again. Not sure then how I am supposed to install the recompiled code if install.sh is going to overwrite it. This doesn't make any sense :(. I don't see any other issues like this posted. As I mentioned earlier, the instructions in ossec-hids-A.B.C/INSTALL are not the same as all the

There are too many instances of instructions, it's hard to keep them all straight.

other instructions listed elsewhere (and are a bit more confusing if it is supposed to be as easy as the other users have reported). I want to make sure, the BINARY_INSTALL option in the installation answer file needs to be set to 'yes'?... no other posts mention this specifically.

I'd have to look. I don't generally do binary installs. I guess I need to, atleast to make sure the docs work.

If you do "V=1" along with the MAXAGENTS env before install.sh, you can look for "-DMAX_AGENTS" in the compiler output to see what it is actually getting set to.

To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscribe@googlegroups.com.

[dan (ddp)]

This command:

sudo env MAXAGENTS=9999 V=1 ./install.sh

 

Gave me this at the end:

General settings:

    TARGET:           server

    V:                1

    DEBUG:

    DEBUGAD

    PREFIX:           /var/ossec2

    MAXAGENTS:        9999

    DATABASE:

    ONEWAY:           no

    CLEANFULL:        no

User settings:

    OSSEC_GROUP:      ossec

    OSSEC_USER:       ossec

    OSSEC_USER_MAIL:  ossecm

    OSSEC_USER_REM:   ossecr

Lua settings:

    LUA_PLAT:         posix

USE settings:

    USE_ZEROMQ:       no

    USE_GEOIP:        no

    USE_PRELUDE:      no

    USE_OPENSSL:      auto

    USE_PICVIZ:       yes

    USE_INOTIFY:      no

Mysql settings:

    includes:

    libs:

Pgsql settings:

    includes:

    libs:

I saw the right define being passed in the output as well.

[temp.em...@gmail.com]

Now... this works! Thank you. Also noted that if this is used during the Agent installation (had to try and see) it will not reflect the new MAXAGENTS. I thought perhaps there may be a small chance that the Agent may need to be recompiled as well since it could have a larger ID than expected (and this might affect the code it runs) since the server will be supported greater than the default number... make sense?