Hi SystemAli,

On Tue, Jun 28, 2011 at 2:10 PM, SystemAli <[email protected]> wrote:
> Chris :
> I edited the ossec.conf and added these containers in it :-
> <localfile>
> <log_format>syslog</log_format>
> <location>/usr/local/apache/logs/access_log</location>
> </localfile>

This is probably in the apache format.

> </ossec_config>

This </ossec_config> tag seems to be in the wrong place.

> <localfile>
> <log_format>syslog</log_format>
> <location>/usr/local/cpanel/logs/access_log</location>
> </localfile>

I haven't seen it, but I'm guessing this will also be in the apache format. Have you ever looked at the logs?

> But when I restart ossec I get this error :-
> /var/ossec/bin/ossec-control start
> Starting OSSEC HIDS v2.5.1 (by Trend Micro Inc.)...
> 2011/06/28 23:39:58 ossec-execd(1226): ERROR: Error reading XML file
> '/var/ossec/etc/ossec.conf': XML ERR: Element not closed: <ossec_config
> (line 68).
> Can you suggest how to resolve this ?
>

Look at line 68 or above. Look for a line that says "<ossec_config".
Or, check for an <ossec_config> without an </ossec_config>. Anything in a <> will need a corresponding </>.
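The check suggested in the reply can be automated. The following is an added example, not part of the original message and not OSSEC's own code: a small tag-balance checker that reports the line of every element that is never closed, closed without being opened, or placed outside `<ossec_config>`. The function name `find_tag_errors`, the sample file, and the rule that every section must sit inside `<ossec_config>` are assumptions made for the illustration.

```python
import re

TAG_RE = re.compile(r"<(/?)([A-Za-z_][\w.-]*)[^<>]*?(/?)>")
COMMENT_RE = re.compile(r"<!--.*?-->", re.DOTALL)
ROOT = "ossec_config"  # assumption: every section must sit inside this element


def find_tag_errors(text):
    """Return sorted (line, message) pairs for unbalanced or misplaced tags."""
    # Blank out comments but keep their newlines so line numbers stay correct.
    text = COMMENT_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), text)
    stack, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        for closing, name, self_closing in TAG_RE.findall(line):
            if self_closing:
                continue
            if not closing:
                if not stack and name != ROOT:
                    errors.append((lineno, f"<{name}> is outside <{ROOT}>"))
                stack.append((name, lineno))
            elif stack and stack[-1][0] == name:
                stack.pop()
            else:
                errors.append((lineno, f"</{name}> has no matching <{name}>"))
    errors.extend((ln, f"<{name}> is never closed") for name, ln in stack)
    return sorted(errors)


# Constructed sample: the closing root tag sits before the second <localfile>,
# and a second <ossec_config> is opened but never closed.
SAMPLE = """<ossec_config>
  <localfile>
    <log_format>apache</log_format>
    <location>/usr/local/apache/logs/access_log</location>
  </localfile>
</ossec_config>
  <localfile>
    <log_format>apache</log_format>
    <location>/usr/local/cpanel/logs/access_log</location>
  </localfile>
<ossec_config>
  <!-- <global> commented out, must be ignored -->
"""

if __name__ == "__main__":
    for lineno, message in find_tag_errors(SAMPLE):
        print(f"line {lineno}: {message}")
```

To check a real file, pass the contents of `/var/ossec/etc/ossec.conf` to `find_tag_errors` instead of `SAMPLE`.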
