On 02.02.2012 10:06, Oliver Mueller wrote:
> If I add the following rule to local_rules.xml and try to test it with
> ossec-logtest, I receive a
> segfault (see below):
> ..
>
> Is there any update planned to ossec soon?

Works for me (RHEL 5.7 64bit):

$ /var/ossec/bin/ossec-logtest -V
OSSEC HIDS v2.6 - Trend Micro Inc.

$ /var/ossec/bin/ossec-logtest
ossec-testrule: Type one log per line.

[Mon Jan 23 08:40:46 2012] [error] [client 192.168.0.123] user unknownUser not found: /myapp/

**Phase 1: Completed pre-decoding.
       full event: '[Mon Jan 23 08:40:46 2012] [error] [client 192.168.0.123] user unknownUser not found: /myapp/'
       hostname: 'myhost'
       program_name: '(null)'
       log: '[error] [client 192.168.0.123] user unknownUser not found: /myapp/'

**Phase 2: Completed decoding.
       decoder: 'apache-errorlog'
       srcip: '192.168.0.123'

**Phase 3: Completed filtering (rules).
       Rule id: '30109'
       Level: '9'
       Description: 'Attempt to login using a non-existent user.'
**Alert to be generated.

Best regards,
-ap