Comments (12)
@awiddersheim @gaelmuller as they know a lot about the windows build and @gaelmuller submitted the event channel pull requests.
I have never built on Windows as it's something that I don't care about, as I have Windows cross compiling without issues. But to help out with this I know we are gonna need more details on the setup you are using to attempt to compile this: MinGW install, OSSEC build instructions, whatever you do to help us out with this.
from ossec-hids.
@vichargrave could you also include a log of the output. Thank you
from ossec-hids.
Sorry, I haven't messed with the event channel stuff much. Most of my development has actually been on the 2.7.1 code and I just merged it into master. Will have to talk to @gaelmuller about the event channel stuff.
from ossec-hids.
@awiddersheim - Not really a big deal since it all builds on Linux. It's
just ironic that we can't build an OSSEC Windows agent on Windows. I'm a
CentOS/Ubuntu guy myself, but I have some stuff I want to do with the
registry integrity checking so it would be easier to develop and test on a
Windows system. I think this is a low priority in the grand scheme of
things. I just wanted to bring it to the community's attention.
At any rate I added this line to the win-pkg/make.bat file to build the
event channel:
"C:\MinGW\bin\gcc.exe" -o ossec-agent-eventchannel.exe -Wall
-DARGV0="ossec-agent" -DCLIENT -DWIN32 -DOSSECHIDS
-DEVENTCHANNEL_SUPPORT icon.o os_regex/*.c os_net/*.c os_xml/*.c
zlib-1.2.8/*.c config/*.c shared/*.c os_execd/*.c os_crypto/blowfish/*.c
os_crypto/md5/*.c os_crypto/sha1/*.c os_crypto/md5_sha1/*.c
os_crypto/shared/*.c rootcheck/*.c *.c -Iheaders/ -I. -lwsock32 -lwevtapi
I've enclosed the output I get from invoking make.bat. Line 36 is where
the fatality occurs:
read_win_event_channel.c:31:20: fatal error: winevt.h: No such file or
directory
#include <winevt.h>
^
The <winevt.h> header is not present in the MinGW environment for Windows.
If there is a way to build the event channel stuff with the MinGW headers
that are included, that would be better.
But again I don't think this is a high priority issue by any means.
from ossec-hids.
I wouldn't mind seeing the eventchannel stuff getting more love. While I don't think it is a big deal that it can't be compiled on Windows I would like to see it get fixed.
I even had issues getting it to compile on my RHEL machine because I couldn't find the right MinGW packages. I don't think EPEL had them and RHEL doesn't ship with them. Granted I didn't try very hard to find the right ones but it was somewhat of a hassle nonetheless.
from ossec-hids.
I think if the event channel code is coerced to build on the MinGW
environment on Windows, then I'm guessing it will build easily on RHEL or
CentOS.
from ossec-hids.
All the compilation problems I have seen regarding eventchannel support were due to the use of the wrong MinGW. You have to use MinGW-w64. It is the only one to support the new event API provided in winevt.h.
I did not test it on Windows though. Can you confirm that you are using http://mingw-w64.sourceforge.net?
from ossec-hids.
I am not and as far as I can tell, mingw-64 is not available on Windows. By "available" I mean runs on Windows.
from ossec-hids.
I have been reading up more on this and here is the best summary of the differences:
http://qt-project.org/wiki/MinGW-64-bit
http://sourceforge.net/apps/trac/mingw-w64/wiki/History
Basically MinGW-w64 has more features and looks to be used by more and more cross compiling apps, but the team does not make binary releases of the software available.
from ossec-hids.
http://ascend4.org/Setting_up_a_MinGW-w64_build_environment this might have some info on how to do it on windows.
from ossec-hids.
OK thanks I'll take a look at it.
from ossec-hids.
Closing this issue as no one is working to actively address this on Windows, as the Linux build works. Please reopen if this is a requirement for something :)
from ossec-hids.