-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/21/2011 07:19 AM, Branimir Pačar wrote: > Hi all, > > 2011/03/21 12:03:36 ossec-analysisd(1226): ERROR: Error reading XML file > 'etc/decoder.xml': XML ERR: Element not closed: ; (line 1635).
What's on line 1635? > When I look in decoder.xml there is nothing ?suspicious? in line 1635. > only similiar thing close to that is trend-osce decoder That decoder matches what I have ... > After I've commented entire decoder, ossec-logtest passes this phase but > next thing is that it shows following error: Odd.. What you pasted in matches, character for character, what I have in my decoder. > 2011/03/21 12:10:40 ossec-analysisd: Invalid option 'compiled_rule' for > rule '31108'. > > 2011/03/21 12:10:40 ossec-testrule(1220): ERROR: Error loading the > rules: 'web_rules.xml'. > > Can anyone suggest me what to do so i could use ossec-logtest? It sounds like something didn't compile right.. You shouldn't be getting errors like this. Unfortunately, I haven't used AIX in forever, so I'm not 100% sure what would be different here that would cause this. Have you tried a different server and/or reinstalling? > Regards, > Branimir - -- - --------------------------- Jason 'XenoPhage' Frisvold [email protected] - --------------------------- "Any sufficiently advanced magic is indistinguishable from technology." - - Niven's Inverse of Clarke's Third Law -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk2Hjj4ACgkQ8CjzPZyTUTTCJgCfSgomPheBT6vts4ywKUklcdtr HyMAoKlO318HFnnlQBDpPvOuCK/DIeZJ =zn5E -----END PGP SIGNATURE-----
