Open jrossi opened 10 years ago
Could you provide the log and the entire ossec-reportd command you are using? Running it through gdb and getting a backtrace might also be helpful.
What does the WUI show for srcip?
Note: This comment has been automatically migrated from Bitbucket Created by ddpbsd on 2013-12-11 13:06:45+00:00
Hi, could we provide the logs in private? They may contain some private and useful information.
Note: This comment has been automatically migrated from Bitbucket Created by bdsecurityteam on 2013-12-12 11:16:54+00:00
Of course. If email is ok, you can send it to ddpbsd@gmail.com
Note: This comment has been automatically migrated from Bitbucket Created by ddpbsd on 2013-12-12 13:13:32+00:00
Hi, my email was just sent; let me know when you receive it.
Note: This comment has been automatically migrated from Bitbucket Created by bdsecurityteam on 2013-12-17 10:07:34+00:00
Got it, will try to look at it tonight.
Note: This comment has been automatically migrated from Bitbucket Created by ddpbsd on 2013-12-17 13:04:24+00:00
Hi, any news? Best regards
Note: This comment has been automatically migrated from Bitbucket Created by bdsecurityteam on 2014-01-06 10:13:38+00:00
Sorry, with the holidays and new job and everything I haven't had a chance to look into it. I tried catching up on some projects last night, so I'll try moving this one to the top of the list.
Note: This comment has been automatically migrated from Bitbucket Created by ddpbsd on 2014-01-06 13:26:14+00:00
Ok, I think I can recreate the crash. Still looking at it though.
Note: This comment has been automatically migrated from Bitbucket Created by ddpbsd on 2014-01-06 13:48:44+00:00
Ok, I have a fix. I suspect some of the other options will need the same fix. I cannot upload it directly at the moment, but if you want to try it out add:
    if(al_data->srcip)
    {
    }
around the:
    if(!strstr(al_data->srcip, r_filter->srcip))
    {
        return(0);
    }
in src/shared/report_op.c (around line 146).
I'll try to put similar checks in for other possible options (I assume srcport will do the same thing), and push the fix tonight.
Note: This comment has been automatically migrated from Bitbucket Created by ddpbsd on 2014-01-06 14:33:42+00:00
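The guard posted above keeps strstr() from receiving a NULL al_data->srcip; as posted, it also skips the srcip comparison for alerts that carry no source IP. The C below is an added example, not code from OSSEC or from this thread: it applies the same NULL check to every filtered field through one helper and makes the missing-field behaviour an explicit choice. The struct, enum and function names are hypothetical, and the sample alerts are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical, simplified stand-ins for the alert and filter records. */
struct alert  { const char *srcip; const char *user; };
struct filter { const char *srcip; const char *user; };

/* What to do when a filter names a field that the alert does not carry. */
enum missing_policy { MISSING_SKIPS_TEST, MISSING_IS_NO_MATCH };

/*
 * Returns 1 if the field passes the filter, 0 if it does not.
 * strstr() must never be given a NULL haystack; the value check
 * below is the guard that prevents the NULL dereference.
 */
static int field_passes(const char *value, const char *wanted,
                        enum missing_policy policy)
{
    if (wanted == NULL)          /* filter not set for this field */
        return 1;
    if (value == NULL)           /* alert has no such field */
        return policy == MISSING_SKIPS_TEST;
    return strstr(value, wanted) != NULL;
}

/* Apply every configured filter field; all of them must pass. */
int alert_passes(const struct alert *al, const struct filter *f,
                 enum missing_policy policy)
{
    if (al == NULL || f == NULL)
        return 0;
    return field_passes(al->srcip, f->srcip, policy)
        && field_passes(al->user,  f->user,  policy);
}

int main(void)
{
    /* Constructed sample data: one alert with a source IP, one without. */
    struct alert with_ip = { "192.0.2.10", "root" };
    struct alert no_ip   = { NULL, "root" };
    struct filter f      = { "192.0.2.", NULL };

    int ok = alert_passes(&with_ip, &f, MISSING_IS_NO_MATCH) == 1
          && alert_passes(&no_ip, &f, MISSING_IS_NO_MATCH) == 0
          && alert_passes(&no_ip, &f, MISSING_SKIPS_TEST) == 1;
    return ok ? 0 : 1;
}
```

MISSING_SKIPS_TEST reproduces the behaviour of the guard as posted; MISSING_IS_NO_MATCH drops alerts that lack the filtered field from the report instead.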
My existing pull request has been updated with this fix as well. Please test it out and let me know if you find other (or the same) issues.
Note: This comment has been automatically migrated from Bitbucket Created by ddpbsd on 2014-01-07 03:24:44+00:00
Thanks. We will test it when we have some time. Do you have an idea for the second problem in the wui? Best regards
Note: This comment has been automatically migrated from Bitbucket Created by bdsecurityteam on 2014-01-07 11:20:17+00:00
I haven't looked into the wui issue yet. I don't really use it.
Note: This comment has been automatically migrated from Bitbucket Created by ddpbsd on 2014-01-07 12:42:23+00:00
Ok, just tested the wui. It appears to be working for me. Src IP is populated with an actual IP address.
Note: This comment has been automatically migrated from Bitbucket Created by ddpbsd on 2014-01-07 13:28:52+00:00
Hello, thanks. What version do you use? Where can I download a new one? Best regards
Note: This comment has been automatically migrated from Bitbucket Created by bdsecurityteam on 2014-01-16 09:16:17+00:00
Hi, I tested again with the wui; it works for real-time monitoring but not with date. Thanks, Marc
Note: This comment has been automatically migrated from Bitbucket Created by bdsecurityteam on 2014-01-17 12:54:04+00:00
I'm using 0.8 from the site. I need more of an explanation of what you're seeing. I tried searching by date and the src ip field looks fine. What data is populating that field? How do you get there exactly?
Note: This comment has been automatically migrated from Bitbucket Created by ddpbsd on 2014-01-17 13:03:16+00:00
Just sent you a screenshot by mail; tell me if it is OK.
Note: This comment has been automatically migrated from Bitbucket Created by bdsecurityteam on 2014-01-17 13:25:40+00:00
I got the screen shot. I don't know enough about the wui to really comment on that. I've opened issue #66 for this issue.
Note: This comment has been automatically migrated from Bitbucket Created by ddpbsd on 2014-01-17 13:37:18+00:00
For reportd I took https://bitbucket.org/jbcheng/ossec-hids/raw/326d69f1a88d201d57365fe475bcc0c8f3e9a7ab/src/shared/report_op.c and that works, no crash. Thanks
Note: This comment has been automatically migrated from Bitbucket Created by bdsecurityteam on 2014-01-17 13:39:01+00:00
First problem: we segfault

    zcat /var/ossec/logs/alerts/2013/Dec/ossec-alerts-0*.gz | /var/ossec/bin/ossec-reportd -f srcip X.XX.XX.XXX
    2013/12/05 11:58:31 ossec-reportd: INFO: Started (pid: 27996).
    Erreur de segmentation

Second problem: in the web interface (0.8-beta), the srcip value stopped working since we upgraded to 2.7.1.

    cat /etc/debian_version
    7.2
    3.2.0-4-686-pae #1 SMP Debian 3.2.51-1 i686 GNU/Linux

We just upgraded from 2.6. Thanks
Note: This issue has been automatically migrated from Bitbucket Created by bdsecurityteam on 2013-12-05 11:08:41+00:00, last updated: 2014-01-17 13:42:45+00:00