Re: [ossec-list] Error starting an agent under FreeBSD

2019-06-02 Thread Dave Stoddard
I have seen errors like this in FreeBSD. To track them down, you need to 
use ossec-logtest to find the problem.
Try this command in OSSEC (located in the bin subdirectory of OSSEC):

ossec-logtest -d -d -d -t -v

If the error is not obvious (usually the last line or two), pipe its output 
to a file and you can use vi, grep, or some other tool to examine it.

ossec-logtest -d -d -d -t -v > loginfo.txt 2>&1
grep -i error loginfo.txt

The error will be apparent once you run this command. Good luck.

Dave Stoddard
Network Alarm Corporation

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ossec-list/3ce81839-50fa-45f2-b675-71a50bfb7f7d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
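
The filtering step from this message, as an added example that is not part of the original post: a shell function that reduces captured OSSEC output to one line per ERROR, with the daemon, error code and any config line number pulled out. It assumes the `date time daemon(code): ERROR: message` layout of the log lines quoted in this thread; the function names and the INFO sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the log layout quoted in it:
#   YYYY/MM/DD HH:MM:SS daemon(code): ERROR: message [(line N).]

# Read captured OSSEC output on stdin; print one line per ERROR:
#   <daemon> <code or -> line=<N or -> <message>
ossec_conf_errors() {
    awk '
    / ERROR: / {
        tag = $3                      # third field is "daemon(code):"
        sub(/:$/, "", tag)
        daemon = tag; sub(/\(.*/, "", daemon)
        code = "-"                    # some lines carry no numeric code
        if (index(tag, "(")) {
            code = tag; sub(/^[^(]*\(/, "", code); sub(/\)$/, "", code)
        }
        msg = $0; sub(/^.* ERROR: /, "", msg)
        line = "-"                    # not every error names a config line
        if (match(msg, /\(line [0-9]+\)/))
            line = substr(msg, RSTART + 6, RLENGTH - 7)
        printf "%s %s line=%s %s\n", daemon, code, line, msg
    }'
}

# Unique ossec.conf line numbers named by XML errors, ascending.
ossec_conf_error_lines() {
    ossec_conf_errors |
        sed -n 's/^[^ ]* [^ ]* line=\([0-9][0-9]*\) .*/\1/p' | sort -un
}

# Sample input: ERROR lines quoted in the thread (unwrapped, duplicate
# omitted) plus one constructed INFO line that must be ignored.
sample_log() {
    cat <<'EOF'
2019/05/05 18:42:50 ossec-testrule: INFO: constructed non-error line.
2019/05/05 18:42:53 ossec-monitord(1230): ERROR: Invalid element in the configuration: 'smtp_server'.
2019/05/05 18:42:53 ossec-monitord(1202): ERROR: Configuration error at '/usr/local/ossec-hids/etc/ossec.conf'. Exiting.
2019/05/06 00:55:50 ossec-testrule(1226): ERROR: Error reading XML file '/usr/local/ossec-hids/etc/ossec.conf': XMLERR: Element 'rule_id="100400"' not closed. (line 392).
2019/05/16 14:17:32 ossec-testrule(1226): ERROR: Error reading XML file '/usr/local/ossec-hids/etc/ossec.conf': XMLERR: Attribute 'disabled' has no value. (line 275).
EOF
}

# Real use: capture both streams first, then filter:
#   ossec-logtest -d -d -d -t -v > loginfo.txt 2>&1
#   ossec_conf_errors < loginfo.txt
sample_log | ossec_conf_errors
```
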


Re: [ossec-list] Error starting an agent under FreeBSD

2019-06-02 Thread Carlos Lopez
This is the problem: ossec.log is empty ... The only error is this:

OSSEC analysisd: Testing rules failed. Configuration error. Exiting.

... and it doesn't make sense because it is an agent ...

Regards,
C. L. Martinez

On 01/06/2019 19:25, Gordon Ewasiuk wrote:
> I think we need more info!
> 
> Do any errors appear in ossec.log?
> 
> My ossec.log is in /usr/local/ossec-hids/logs
> 
> When I've had configuration errors pop up, ossec writes some pretty 
> detailed stuff.  For example:
> 
> 2019/05/05 18:42:53 ossec-monitord(1230): ERROR: Invalid element in the configuration: 'smtp_server'.
> 2019/05/05 18:42:53 ossec-monitord(1202): ERROR: Configuration error at '/usr/local/ossec-hids/etc/ossec.conf'. Exiting.
> 2019/05/05 18:42:53 ossec-monitord(1202): ERROR: Configuration error at '/usr/local/ossec-hids/etc/ossec.conf'. Exiting.
> 
> 2019/05/06 00:55:50 ossec-testrule(1226): ERROR: Error reading XML file '/usr/local/ossec-hids/etc/ossec.conf': XMLERR: Element 'rule_id="100400"' not closed. (line 392).
> 2019/05/06 00:55:50 ossec-testrule(1202): ERROR: Configuration error at '/usr/local/ossec-hids/etc/ossec.conf'. Exiting.
> 
> 2019/05/16 14:17:32 ossec-testrule(1226): ERROR: Error reading XML file '/usr/local/ossec-hids/etc/ossec.conf': XMLERR: Attribute 'disabled' has no value. (line 275).
> 2019/05/16 14:17:32 ossec-testrule(1202): ERROR: Configuration error at '/usr/local/ossec-hids/etc/ossec.conf'. Exiting.
> 
> and so on...
> 
> check the log...or post it to the list.  Let's dig into it!
> 
> 
> 
> 
> 
> On Saturday, June 1, 2019 at 12:06:52 PM UTC-4, Carlos Lopez wrote:
> 
> Sorry for this late response. Problem continues. When I try to start
> agent using ossec-control command, same error is returned:
> 
> Starting OSSEC HIDS v3.3.0...
> OSSEC analysisd: Testing rules failed. Configuration error. Exiting.
> 
> On the other side, removing entries about port and protocol in agent
> ossec.conf's file like Gordon said, it doesn't work also.
> 
> More ideas?
> 
> Regards,
> C. L. Martinez
> 
> On 29/05/2019 13:14, dan (ddp) wrote:
>  > On Sat, May 25, 2019 at 1:53 PM Carlos Lopez wrote:
>  >>
>  >>
>  >>
>  >>
>  >>
>  >> On 25/05/2019 18:52, Carlos Lopez wrote:
>  >>> Hi all,
>  >>>
>  >>>     I have installed Ossec 3.3.0 from source in a FreeBSD 12
> host to work
>  >>> as an agent, but when I try to start ossec daemons via
> ossec-control
>  >>> script returns this error:
>  >>>
>  >>> Starting OSSEC HIDS v3.3.0...
>  >>> OSSEC analysisd: Testing rules failed. Configuration error.
> Exiting.
>  >>>
>  >
>  > This error should only happen on Server and Local installations.
>  >
>  >>>     My ossec.conf in this agent is pretty simple:
>  >>>
>  >>> 
>  >>>        
>  >>>                
>  >>>                        172.22.59.11
>  >>>                        2312
>  >>>                        udp
>  >>>                
>  >>>        
>  >>> 
>  >>>
>  >>> Any tips?
>  >>>
>  >>
>  >> My install options was:
>  >>
>  >> cd ossec-hids-*/src
>  >> gmake TARGET=agent PCRE2_SYSTEM=yes ZLIB_SYSTEM=yes USE_INOTIFY=yes
>  >> gmake install-agent
>  >>

Re: [ossec-list] Error starting an agent under FreeBSD

2019-06-01 Thread Gordon Ewasiuk
I think we need more info!

Do any errors appear in ossec.log?

My ossec.log is in /usr/local/ossec-hids/logs

When I've had configuration errors pop up, ossec writes some pretty detailed 
stuff.  For example:

2019/05/05 18:42:53 ossec-monitord(1230): ERROR: Invalid element in the configuration: 'smtp_server'.
2019/05/05 18:42:53 ossec-monitord(1202): ERROR: Configuration error at '/usr/local/ossec-hids/etc/ossec.conf'. Exiting.
2019/05/05 18:42:53 ossec-monitord(1202): ERROR: Configuration error at '/usr/local/ossec-hids/etc/ossec.conf'. Exiting.

2019/05/06 00:55:50 ossec-testrule(1226): ERROR: Error reading XML file '/usr/local/ossec-hids/etc/ossec.conf': XMLERR: Element 'rule_id="100400"' not closed. (line 392).
2019/05/06 00:55:50 ossec-testrule(1202): ERROR: Configuration error at '/usr/local/ossec-hids/etc/ossec.conf'. Exiting.

2019/05/16 14:17:32 ossec-testrule(1226): ERROR: Error reading XML file '/usr/local/ossec-hids/etc/ossec.conf': XMLERR: Attribute 'disabled' has no value. (line 275).
2019/05/16 14:17:32 ossec-testrule(1202): ERROR: Configuration error at '/usr/local/ossec-hids/etc/ossec.conf'. Exiting.

and so on...

check the log...or post it to the list.  Let's dig into it!





On Saturday, June 1, 2019 at 12:06:52 PM UTC-4, Carlos Lopez wrote:
>
> Sorry for this late response. Problem continues. When I try to start 
> agent using ossec-control command, same error is returned: 
>
> Starting OSSEC HIDS v3.3.0... 
> OSSEC analysisd: Testing rules failed. Configuration error. Exiting. 
>
> On the other side, removing entries about port and protocol in agent 
> ossec.conf's file like Gordon said, it doesn't work also. 
>
> More ideas? 
>
> Regards, 
> C. L. Martinez 
>
> On 29/05/2019 13:14, dan (ddp) wrote: 
> > On Sat, May 25, 2019 at 1:53 PM Carlos Lopez wrote: 
> >> 
> >> 
> >> 
> >> 
> >> 
> >> On 25/05/2019 18:52, Carlos Lopez wrote: 
> >>> Hi all, 
> >>> 
> >>> I have installed Ossec 3.3.0 from source in a FreeBSD 12 host to 
> work 
> >>> as an agent, but when I try to start ossec daemons via ossec-control 
> >>> script returns this error: 
> >>> 
> >>> Starting OSSEC HIDS v3.3.0... 
> >>> OSSEC analysisd: Testing rules failed. Configuration error. Exiting. 
> >>> 
> > 
> > This error should only happen on Server and Local installations. 
> > 
> >>> My ossec.conf in this agent is pretty simple: 
> >>> 
> >>>  
> >>> 
> >>> 
> >>>172.22.59.11 
> >>>2312 
> >>>udp 
> >>> 
> >>> 
> >>>  
> >>> 
> >>> Any tips? 
> >>> 
> >> 
> >> My install options was: 
> >> 
> >> cd ossec-hids-*/src 
> >> gmake TARGET=agent PCRE2_SYSTEM=yes ZLIB_SYSTEM=yes USE_INOTIFY=yes 
> >> gmake install-agent 
> >> 


Re: [ossec-list] Error starting an agent under FreeBSD

2019-06-01 Thread Carlos Lopez
Sorry for the late response. The problem continues. When I try to start 
the agent using the ossec-control command, the same error is returned:

Starting OSSEC HIDS v3.3.0...
OSSEC analysisd: Testing rules failed. Configuration error. Exiting.

On the other hand, removing the port and protocol entries from the agent's 
ossec.conf file, as Gordon said, doesn't work either.

More ideas?

Regards,
C. L. Martinez

On 29/05/2019 13:14, dan (ddp) wrote:
> On Sat, May 25, 2019 at 1:53 PM Carlos Lopez  wrote:
>>
>>
>>
>>
>>
>> On 25/05/2019 18:52, Carlos Lopez wrote:
>>> Hi all,
>>>
>>> I have installed Ossec 3.3.0 from source in a FreeBSD 12 host to work
>>> as an agent, but when I try to start ossec daemons via ossec-control
>>> script returns this error:
>>>
>>> Starting OSSEC HIDS v3.3.0...
>>> OSSEC analysisd: Testing rules failed. Configuration error. Exiting.
>>>
> 
> This error should only happen on Server and Local installations.
> 
>>> My ossec.conf in this agent is pretty simple:
>>>
>>> 
>>>
>>>
>>>172.22.59.11
>>>2312
>>>udp
>>>
>>>
>>> 
>>>
>>> Any tips?
>>>
>>
>> My install options was:
>>
>> cd ossec-hids-*/src
>> gmake TARGET=agent PCRE2_SYSTEM=yes ZLIB_SYSTEM=yes USE_INOTIFY=yes
>> gmake install-agent
>>


Re: [ossec-list] Error starting an agent under FreeBSD

2019-05-29 Thread dan (ddp)
On Sat, May 25, 2019 at 1:53 PM Carlos Lopez  wrote:
>
>
>
>
>
> On 25/05/2019 18:52, Carlos Lopez wrote:
> > Hi all,
> >
> >I have installed Ossec 3.3.0 from source in a FreeBSD 12 host to work
> > as an agent, but when I try to start ossec daemons via ossec-control
> > script returns this error:
> >
> > Starting OSSEC HIDS v3.3.0...
> > OSSEC analysisd: Testing rules failed. Configuration error. Exiting.
> >

This error should only happen on Server and Local installations.

> >My ossec.conf in this agent is pretty simple:
> >
> > 
> >   
> >   
> >   172.22.59.11
> >   2312
> >   udp
> >   
> >   
> > 
> >
> > Any tips?
> >
>
> My install options was:
>
> cd ossec-hids-*/src
> gmake TARGET=agent PCRE2_SYSTEM=yes ZLIB_SYSTEM=yes USE_INOTIFY=yes
> gmake install-agent
>


Re: [ossec-list] Error starting an agent under FreeBSD

2019-05-25 Thread Carlos Lopez





On 25/05/2019 18:52, Carlos Lopez wrote:
> Hi all,
> 
>I have installed Ossec 3.3.0 from source in a FreeBSD 12 host to work
> as an agent, but when I try to start ossec daemons via ossec-control
> script returns this error:
> 
> Starting OSSEC HIDS v3.3.0...
> OSSEC analysisd: Testing rules failed. Configuration error. Exiting.
> 
>My ossec.conf in this agent is pretty simple:
> 
> 
>   
>   
>   172.22.59.11
>   2312
>   udp
>   
>   
> 
> 
> Any tips?
> 

My install options were:

cd ossec-hids-*/src
gmake TARGET=agent PCRE2_SYSTEM=yes ZLIB_SYSTEM=yes USE_INOTIFY=yes
gmake install-agent
