jrossi / issue-migration-test

GNU General Public License v2.0

Problem with report and the webui for srcip argument #63

Open jrossi opened 10 years ago

jrossi commented 10 years ago

First problem: we segfault.

zcat /var/ossec/logs/alerts/2013/Dec/ossec-alerts-0*.gz | /var/ossec/bin/ossec-reportd -f srcip X.XX.XX.XXX
2013/12/05 11:58:31 ossec-reportd: INFO: Started (pid: 27996).
Erreur de segmentation

Second problem: in the web interface (0.8-beta), the srcip value stopped working since we upgraded to 2.7.1.

cat /etc/debian_version
7.2
3.2.0-4-686-pae #1 SMP Debian 3.2.51-1 i686 GNU/Linux

We just upgraded from 2.6. Thanks.

Note: This issue has been automatically migrated from Bitbucket Created by bdsecurityteam on 2013-12-05 11:08:41+00:00, last updated: 2014-01-17 13:42:45+00:00

jrossi commented 10 years ago

Could you provide the log and the entire ossec-reportd command you are using? Running it through gdb and getting a backtrace might also be helpful.

What does the WUI show for srcip?

Note: This comment has been automatically migrated from Bitbucket Created by ddpbsd on 2013-12-11 13:06:45+00:00

jrossi commented 10 years ago

Hi, could we provide the logs in private? It may contain some private and useful information.

Note: This comment has been automatically migrated from Bitbucket Created by bdsecurityteam on 2013-12-12 11:16:54+00:00

jrossi commented 10 years ago

Of course. If email is ok, you can send it to ddpbsd@gmail.com

Note: This comment has been automatically migrated from Bitbucket Created by ddpbsd on 2013-12-12 13:13:32+00:00

jrossi commented 10 years ago

Hi, my email was just sent, let me know if you receive it.

Note: This comment has been automatically migrated from Bitbucket Created by bdsecurityteam on 2013-12-17 10:07:34+00:00

jrossi commented 10 years ago

Got it, will try to look at it tonight.

Note: This comment has been automatically migrated from Bitbucket Created by ddpbsd on 2013-12-17 13:04:24+00:00

jrossi commented 10 years ago

Hi, any news? Best regards.

Note: This comment has been automatically migrated from Bitbucket Created by bdsecurityteam on 2014-01-06 10:13:38+00:00

jrossi commented 10 years ago

Sorry, with the holidays and new job and everything I haven't had a chance to look into it. I tried catching up on some projects last night, so I'll try moving this one to the top of the list.

Note: This comment has been automatically migrated from Bitbucket Created by ddpbsd on 2014-01-06 13:26:14+00:00

jrossi commented 10 years ago

Ok, I think I can recreate the crash. Still looking at it though.

Note: This comment has been automatically migrated from Bitbucket Created by ddpbsd on 2014-01-06 13:48:44+00:00

jrossi commented 10 years ago

Ok, I have a fix. I suspect some of the other options will need the same fix. I cannot upload it directly at the moment, but if you want to try it out add:

if(al_data->srcip)
{

}

around the:
if(!strstr(al_data->srcip, r_filter->srcip))
{
    return(0);
}

in src/shared/report_op.c (around line 146).

I'll try to put similar checks in for other possible options (I assume srcport will do the same thing), and push the fix tonight.

Note: This comment has been automatically migrated from Bitbucket Created by ddpbsd on 2014-01-06 14:33:42+00:00
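
The NULL check described in the comment above, as an added example that is not part of the original thread or the OSSEC source. The `alert_data` and `report_filter` types, both function names, the outer `r_filter->srcip` test and the sample addresses are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical, reduced stand-ins for the alert and filter structures:
 * only the srcip field named in the thread is modelled. */
typedef struct { const char *srcip; } alert_data;
typedef struct { const char *srcip; } report_filter;

/* Constructed samples: one alert with a source IP, one without. */
static const alert_data alert_with_ip = { "192.0.2.10" };
static const alert_data alert_no_ip   = { NULL };
static const report_filter want_ip    = { "192.0.2.10" };
static const report_filter other_ip   = { "198.51.100.7" };

/* Guard as described in the comment: strstr() only runs when the alert
 * carries a srcip. Returns 0 if the alert is filtered out, 1 if kept.
 * The outer r_filter->srcip test is an assumption of this sketch. */
int filter_alert_guarded(const alert_data *al_data, const report_filter *r_filter)
{
    if (r_filter->srcip) {
        if (al_data->srcip) {
            if (!strstr(al_data->srcip, r_filter->srcip)) {
                return 0;
            }
        }
    }
    return 1;
}

/* Stricter variant (not from the thread): an alert without a srcip can
 * never match a srcip filter, so it is filtered out. */
int filter_alert_strict(const alert_data *al_data, const report_filter *r_filter)
{
    if (r_filter->srcip) {
        if (!al_data->srcip || !strstr(al_data->srcip, r_filter->srcip)) {
            return 0;
        }
    }
    return 1;
}

int main(void)
{
    printf("with ip, guarded: %d\n", filter_alert_guarded(&alert_with_ip, &want_ip));
    printf("other ip, guarded: %d\n", filter_alert_guarded(&alert_with_ip, &other_ip));
    printf("no ip, guarded:   %d\n", filter_alert_guarded(&alert_no_ip, &want_ip));
    printf("no ip, strict:    %d\n", filter_alert_strict(&alert_no_ip, &want_ip));
    return 0;
}
```

With the guard alone, an alert that has no srcip is kept by a srcip filter; the strict variant drops it instead.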

jrossi commented 10 years ago

My existing pull request has been updated with this fix as well. Please test it out and let me know if you find other (or the same) issues.

Note: This comment has been automatically migrated from Bitbucket Created by ddpbsd on 2014-01-07 03:24:44+00:00

jrossi commented 10 years ago

Thanks. We will test it when we have some time. Do you have an idea for the second problem in the wui? Best regards.

Note: This comment has been automatically migrated from Bitbucket Created by bdsecurityteam on 2014-01-07 11:20:17+00:00

jrossi commented 10 years ago

I haven't looked into the wui issue yet. I don't really use it.

Note: This comment has been automatically migrated from Bitbucket Created by ddpbsd on 2014-01-07 12:42:23+00:00

jrossi commented 10 years ago

Ok, just tested the wui. It appears to be working for me. Src IP is populated with an actual IP address.

Note: This comment has been automatically migrated from Bitbucket Created by ddpbsd on 2014-01-07 13:28:52+00:00

jrossi commented 10 years ago

Hello, thanks. What version do you use? Where can I download a new one? Best regards.

Note: This comment has been automatically migrated from Bitbucket Created by bdsecurityteam on 2014-01-16 09:16:17+00:00

jrossi commented 10 years ago

Hi, I tested again with the wui: it works for real-time monitoring but not with date. Thanks, Marc

Note: This comment has been automatically migrated from Bitbucket Created by bdsecurityteam on 2014-01-17 12:54:04+00:00

jrossi commented 10 years ago

I'm using 0.8 from the site. I need more of an explanation of what you're seeing. I tried searching by date and the src ip field looks fine. What data is populating that field? How do you get there exactly?

Note: This comment has been automatically migrated from Bitbucket Created by ddpbsd on 2014-01-17 13:03:16+00:00

jrossi commented 10 years ago

Just sent you a screenshot by mail, tell me if it is OK.

Note: This comment has been automatically migrated from Bitbucket Created by bdsecurityteam on 2014-01-17 13:25:40+00:00

jrossi commented 10 years ago

I got the screen shot. I don't know enough about the wui to really comment on that. I've opened issue #66 for this issue.

Note: This comment has been automatically migrated from Bitbucket Created by ddpbsd on 2014-01-17 13:37:18+00:00

jrossi commented 10 years ago

For reportd I took https://bitbucket.org/jbcheng/ossec-hids/raw/326d69f1a88d201d57365fe475bcc0c8f3e9a7ab/src/shared/report_op.c and that works, no crash. Thanks.

Note: This comment has been automatically migrated from Bitbucket Created by bdsecurityteam on 2014-01-17 13:39:01+00:00

jrossi commented 10 years ago

Awesome! Thanks for checking on that.

Note: This comment has been automatically migrated from Bitbucket Created by ddpbsd on 2014-01-17 13:42:45+00:00