Yes I get the same error. Also, I want to configure my agents centrally so that is why I am using the agent.conf file.
However, as I stated above the error does not prevent the agent from restarting. Maybe this is a non-issue. I just wanted to clarify whether this error message can be safely ignored. On Dec 1, 12:36 pm, "dan (ddp)" <[email protected]> wrote: > On Wed, Dec 1, 2010 at 12:29 PM, Shaikat <[email protected]> wrote: > > Hi, > > > Thanks for answering my question. > > > Another related question to the agent.conf file. As you can see I am > > using the multi-line log_format introduced in version 2.5.1. > > > When I try to recycle an agent I get this error: > > > Started ossec-syscheckd... > > Completed. > > Killing ossec-logcollector .. > > Killing ossec-syscheckd .. > > Killing ossec-agentd .. > > Killing ossec-execd .. > > OSSEC HIDS v2.5.1 Stopped > > Starting OSSEC HIDS v2.5.1 (by Trend Micro Inc.)... > > Started ossec-execd... > > Started ossec-agentd... > > 2010/11/30 17:55:39 ossec-config(1235): ERROR: Invalid value for > > element 'log_format': multi-line. > > 2010/11/30 17:55:39 ossec-config(1202): ERROR: Configuration error at > > '/var/ossec/etc/shared/agent.conf'. Exiting.Started ossec- > > logcollector... > > > Both the server and the client are running the same version of OSSEC > > HIDS viz., version 2.5.1. > > > Inspite of the above error the agent starts up fine. > > > Any idea what this error message means and if it is not an error but > > just a warning is there anyway this message can be suppressed ? > > > Thanks again, > > Shaikat > > If you put that part of the configuration in the ossec.conf do you > still get the error? > > > > > > > > > > > On Dec 1, 12:16 pm, "dan (ddp)" <[email protected]> wrote: > >> 2010/12/1 Shaikat Majumdar <[email protected]>: > > >> > I have created a agent.conf file for centralized agent configuration > >> > (/var/ossec/etc/shared/agent.conf). The file is attached. > > >> > I am trying to test OSSEC rules/config before deploying these changes. > > >> > So I followed the instructions posted on the link > >> >http://www.ossec.net/main/manual/creating-a-separated-directory-for-t... > >> > and then tried to run the following command. > > >> > I created the directory ossectest under "~/sandbox" instead of using the > >> > "/tmp" directory. > > >> > /var/ossec/bin/ossec-logtest -D ~/sandbox/ossectest/ -c > >> > ~/sandbox/ossectest/etc/shared/agent.conf > > >> You need to use etc/ossec.conf with logtest, it doesn't check on the > >> agent.conf. > > >> > 2010/12/01 12:07:50 ossec-config(1230): ERROR: Invalid element in the > >> > configuration: 'agent_config'. > >> > 2010/12/01 12:07:50 ossec-testrule(1202): ERROR: Configuration error at > >> > '/home/smajumdar/sandbox/ossectest/etc/shared/agent.conf'. Exiting. > > >> > Can someone explain what this error message means and how it can be > >> > rectified ?? > > >> > I am using OSSEC HIDS v2.5.1 > > >> > /var/ossec/bin/ossec-logtest -V > > >> > OSSEC HIDS v2.5.1 - Trend Micro Inc. > > >> > This program is free software; you can redistribute it and/or modify > >> > it under the terms of the GNU General Public License (version 2) as > >> > published by the Free Software Foundation. For more details, go to > >> >http://www.ossec.net/main/license/ > > >> > Thanks, > >> > Shaikat Majumdar > >> > Millburn Ridgefield Corporation
