I updated OSSEC to 2.4 (though the -V still reports 2.3) and now ossec-logtest no longer starts. If I comment out the compiled rules in web_rules.xml it starts fine. This also doesn't seem to affect the program itself, just the logtest.

tes...@test:~# /var/ossec/bin/ossec-analysisd -V
OSSEC HIDS v2.3 - Trend Micro Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License (version 2) as
published by the Free Software Foundation. For more details, go to
http://www.ossec.net/main/license/

tes...@test:~# /etc/init.d/ossec status
ossec-monitord is running...
ossec-logcollector is running...
ossec-remoted is running...
ossec-syscheckd is running...
ossec-analysisd is running...
ossec-maild is running...
ossec-execd is running...

tes...@test:~# /var/ossec/bin/ossec-logtest
2010/04/05 10:25:57 ossec-analysisd: ERROR: Compiled rule not found: 'is_simple_http_request'
2010/04/05 10:25:57 ossec-analysisd(1274): ERROR: Invalid configuration. Element 'compiled_rule': is_simple_http_request.
2010/04/05 10:25:57 ossec-testrule(1220): ERROR: Error loading the rules: 'web_rules.xml'.
