Ossec in foreground


Jeremy Rossi

Nov 13, 2009, 4:46:08 PM
to osse...@ossec.net
Currently I use daemontools to manage all servers in production. Due to
this I wanted to get ossec to work as is standard for our environment. I
modified 2.2v to accept -f and not fork into the background.

Blah blah - I am not a coder - blah. So feedback and issues more than
welcome.

-Jeremy Rossi

foreground.patch

Daniel Cid

Nov 18, 2009, 2:35:51 PM
to osse...@googlegroups.com
Hi Jeremy,

Thanks for the patch. It was good and I applied it to the latest
snapshot. It had only one issue where for ossec-maild run_foreground
was being set to "1" by default instead of 0 (line 322 of the patch).

322 - int c, test_config = 0;
323 + int c, test_config = 0,run_foreground=1;
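
Review bot: the added line 323 initialises run_foreground to 1, which turns foreground mode on by default in ossec-maild rather than only when -f is passed; initialise it to 0 so that the option is what enables it. The spacing also differs from the rest of the declaration: write `test_config = 0, run_foreground = 0;` to match the existing `test_config = 0` style.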

Can you please test it using:
http://www.ossec.net/files/snapshots/ossec-hids-091118.tar.gz


Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net

Jeremy Rossi

Nov 19, 2009, 8:54:57 PM
to osse...@googlegroups.com
Something else in the snapshot is not working correctly for me with a new install.

# sudo rm -rf /var/ossec
# sudo rm /etc/ossec-init.conf
# wget http://www.ossec.net/files/snapshots/ossec-hids-091118.tar.gz
# tar xfvz ossec-hids-091118.tar.gz
# cd ossec-hids-091118
# sudo ./install.sh
[.....I select Server and just hit enter till I get back to prompt...]
# sudo /var/ossec/bin/ossec-control start
Starting OSSEC HIDS v2.2 (by Trend Micro Inc.)...
2009/11/20 01:50:32 ossec-maild: INFO: E-Mail notification disabled. Clean Exit.
Started ossec-maild...
Started ossec-execd...
Started ossec-analysisd...
Started ossec-logcollector...
Started ossec-remoted...
2009/11/20 01:50:38 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Queue not found'.
2009/11/20 01:50:53 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'No such file or directory'.
2009/11/20 01:51:04 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Queue not found'.
2009/11/20 01:51:19 ossec-rootcheck(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'No such file or directory'.
2009/11/20 01:51:35 ossec-syscheckd(1210): ERROR: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Queue not found'.
2009/11/20 01:51:50 ossec-rootcheck(1211): ERROR: Unable to access queue: '/var/ossec/queue/ossec/queue'. Giving up..

I will spend more time looking for the problem in the morning.

Daniel Cid

Nov 23, 2009, 9:40:10 AM
to osse...@googlegroups.com
Hi Jeremy,

Fixed already. I added a rule with the wrong id... Try with:

http://www.ossec.net/files/snapshots/ossec-hids-091120.tar.gz

Sorry about that.

--
Daniel B. Cid
dcid ( at ) ossec.net
