New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ERROR: Not compiled. Missing OpenSSL support with ossec-authd #1468
Comments
Try reinstalling ossec. If you built ossec from the source then you'll definitely need to rebuild it assuming you installed libssl-dev after you noticed the error. |
Was there a |
Thanks very much for the reply guys !!!. Reinstalling did work but I have a few questions on OSSEC. I don't think real time alerts are working. Every time I update a file on the agent, I get an alert almost 6-7 minutes later. Shouldn't it be instantaneous? Sometimes I feel I get alerts but sometimes I don't. It seems to be flaky sometimes. I have to install ossec on nearly 90 hosts for file integrity monitoring. As of now, I have installed a server and 2 agents.
Added alert_by_email option in ossec_rules.conf ossec syscheck_new_entry **alert_by_email** File added to the system. syscheck,Added in local_rules.xml to get an alert for any new file added ossec syscheck_new_entry File added to the system. syscheck,Changed syscheck frequency on the agent side That's all I have done. Do I need to do anything else? Please let me know. Also, after automatic key exchange method, I noticed by running ./agent_control -lc on the server that one of the agents couldn't be seen active although I could see alerts in the alerts.log file. Thanks in advance guys!! |
A frequency of 60 is way too small. I wouldn't set it to anything less than 300 seconds. While a full syscheck scan is running, realtime alerts will be disabled. |
Hi Guys, back again with OSSEC issue I'm not satisfied with the alerts I'm getting on ossec server. I want to run syscheck every 22 hours but for testing purposes, I have set the frequency to 300. So If modify a file on the agent, after how long should I be able to see an alert in the alerts.logs file as well as an email alert. I believe first of all it gets updated on the syscheck db on the server, then few mins later - I can see in alerts.log and again few minutes later an email alert. Sometimes, I just don't see an alert if a file is updated. I noticed, if I modify a file on the ossec agent and restart the agent, ONLY THEN I can see an alert in the alerts.log file. So, what should be the ideal behaviour in case syscheck runs evry 22 hours OR if it is set to run every 5 mins? How do I test it to be satified that everything is working fine. I can share the files with you. My req is that whenever a file gets updated on the system - I should see an alert in alerts.log as well as recieve an email alert. Please guys help me!! |
@kapoorkapoorm This should really be in a new issue. New issue, new issue. |
300s wouldnt even be long enough to finish the starting scan. Effectively you've configured it to never finish / never work |
I modified 2 files under /var/www for which I could see alerts on the server but when I modified a file under /home/test/qaenv/config*, I could see no alerts. The activity was done at 11:12 am - logs of which have also been attached, neither did I recieve any EMAIL ALERTS!! Neither did I see any update in the last-entry @loc /var/ossec/queue/diff/local/home/test/qaenv/config/test.properties. Am I doing something wrong? Logs -> 2018/08/21 11:12:12 ossec-logcollector(1225): INFO: SIGNAL Received. Exit Cleaning... Snap-shot of the config file no
Checked the entry in syscheck db and has the old checksum. |
Were you modifying |
Yes, I did modify the file test.properties at 11:12 am and even got an alert for that after 30 mins, when I restarted ossec agent. So, I believe I got few alerts after ossec agent was restarted but I should get the alerts even without the restart although I got all the alerts for /var/www ( without restart)and the files were modified at the same time. |
Hello,
I am looking to get ossec-authd to work. I've installed ossec-hids-2.8.3 on my Ubuntu machine and want to use ossec-authd for adding multiple agents to the OSSEC manager. Whenever I run /var/ossec/bin/ossec-authd -p 1515 on my server, I get below error
ERROR: Not compiled. Missing OpenSSL support.
I've already installed the package libssl-dev on my Ubuntu 16.04 but that doesn't help.
Can someone advise me something?
Thanks
Kapoorm
The text was updated successfully, but these errors were encountered: