2010/12/1 Shaikat Majumdar <[email protected]>: > I have created a agent.conf file for centralized agent configuration > (/var/ossec/etc/shared/agent.conf). The file is attached. > > I am trying to test OSSEC rules/config before deploying these changes. > > So I followed the instructions posted on the link > http://www.ossec.net/main/manual/creating-a-separated-directory-for-testing-ossec-rulesconfig/ > and then tried to run the following command. > > I created the directory ossectest under "~/sandbox" instead of using the > "/tmp" directory. > > /var/ossec/bin/ossec-logtest -D ~/sandbox/ossectest/ -c > ~/sandbox/ossectest/etc/shared/agent.conf >
You need to use etc/ossec.conf with logtest, it doesn't check on the agent.conf. > 2010/12/01 12:07:50 ossec-config(1230): ERROR: Invalid element in the > configuration: 'agent_config'. > 2010/12/01 12:07:50 ossec-testrule(1202): ERROR: Configuration error at > '/home/smajumdar/sandbox/ossectest/etc/shared/agent.conf'. Exiting. > > Can someone explain what this error message means and how it can be > rectified ?? > > > I am using OSSEC HIDS v2.5.1 > > /var/ossec/bin/ossec-logtest -V > > OSSEC HIDS v2.5.1 - Trend Micro Inc. > > This program is free software; you can redistribute it and/or modify > it under the terms of the GNU General Public License (version 2) as > published by the Free Software Foundation. For more details, go to > http://www.ossec.net/main/license/ > > > Thanks, > Shaikat Majumdar > Millburn Ridgefield Corporation >
