I think we need more info! Do any errors appear in ossec.log?
My ossec.log is in /usr/local/ossec-hids/logs When I've had configuration errors popup, ossec writes some pretty detailed stuff. For example: 2019/05/05 18:42:53 ossec-monitord(1230): ERROR: Invalid element in the configuration: 'smtp_server'. 2019/05/05 18:42:53 ossec-monitord(1202): ERROR: Configuration error at '/usr/local/ossec-hids/etc/ossec.conf'. Exiting. 2019/05/05 18:42:53 ossec-monitord(1202): ERROR: Configuration error at '/usr/local/ossec-hids/etc/ossec.conf'. Exiting. 2019/05/06 00:55:50 ossec-testrule(1226): ERROR: Error reading XML file '/usr/local/ossec-hids/etc/ossec.conf': XMLERR: Element 'rule_id="100400"' not clo sed. (line 392). 2019/05/06 00:55:50 ossec-testrule(1202): ERROR: Configuration error at '/usr/local/ossec-hids/etc/ossec.conf'. Exiting. 2019/05/16 14:17:32 ossec-testrule(1226): ERROR: Error reading XML file '/usr/local/ossec-hids/etc/ossec.conf': XMLERR: Attribute 'disabled' has no value. (line 275). 2019/05/16 14:17:32 ossec-testrule(1202): ERROR: Configuration error at '/usr/local/ossec-hids/etc/ossec.conf'. Exiting. and so on... check the log...or post it to the list. Let's dig into it! On Saturday, June 1, 2019 at 12:06:52 PM UTC-4, Carlos Lopez wrote: > > Sorry for this late response. Problem continues. When I try to start > agent using ossec-control command, same error is returned: > > Starting OSSEC HIDS v3.3.0... > OSSEC analysisd: Testing rules failed. Configuration error. Exiting. > > On the other side, removing entries about port and protocol in agent > ossec.conf's file like Gordon said, it doesn't work also. > > More ideas? > > Regards, > C. L. Martinez > > On 29/05/2019 13:14, dan (ddp) wrote: > > On Sat, May 25, 2019 at 1:53 PM Carlos Lopez <clo...@outlook.com > <javascript:>> wrote: > >> > >> > >> > >> > >> > >> On 25/05/2019 18:52, Carlos Lopez wrote: > >>> Hi all, > >>> > >>> I have installed Ossec 3.3.0 from source in a FreeBSD 12 host to > work > >>> as an agent, but when I try to start ossec daemons via ossec-control > >>> script returns this error: > >>> > >>> Starting OSSEC HIDS v3.3.0... > >>> OSSEC analysisd: Testing rules failed. Configuration error. Exiting. > >>> > > > > This error should only happen on Server and Local installations. > > > >>> My ossec.conf in this agent is pretty simple: > >>> > >>> <ossec_config> > >>> <client> > >>> <server> > >>> <address>172.22.59.11</address> > >>> <port>2312</port> > >>> <protocol>udp</protocol> > >>> </server> > >>> </client> > >>> </ossec_config> > >>> > >>> Any tips? > >>> > >> > >> My install options was: > >> > >> cd ossec-hids-*/src > >> gmake TARGET=agent PCRE2_SYSTEM=yes ZLIB_SYSTEM=yes USE_INOTIFY=yes > >> gmake install-agent > >> > >> -- > >> > >> --- > >> You received this message because you are subscribed to the Google > Groups "ossec-list" group. > >> To unsubscribe from this group and stop receiving emails from it, send > an email to ossec...@googlegroups.com <javascript:>. > >> To view this discussion on the web visit > https://groups.google.com/d/msgid/ossec-list/VI1PR10MB22536682B88E2CFA0A9B2994DB030%40VI1PR10MB2253.EURPRD10.PROD.OUTLOOK.COM. > > > >> For more options, visit https://groups.google.com/d/optout. > > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/e11018f8-fa46-49f8-bd8d-adf1a1da1c50%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
