Yes, the first one is an Apache format, DO i need to change the LOG_FORMAT for this ? if yes, then what ?
And yes. there were additional "</ossec_config>" in the file which i have removed, But yet get the same error :( than you once again On Tue, Jun 28, 2011 at 11:48 PM, dan (ddp) <[email protected]> wrote: > Hi SystemAli, > > On Tue, Jun 28, 2011 at 2:10 PM, SystemAli <[email protected]> wrote: > > Chris : > > I edited the ossec.conf and added these container in it :- > > <localfile> > > <log_format>syslog</log_format> > > <location>/usr/local/apache/logs/access_log</location> > > </localfile> > > This is probably in the apache format > > > </ossec_config> > > This </ossec_config> tag seems to be in the wrong place. > > > <localfile> > > <log_format>syslog</log_format> > > <location>/usr/local/cpanel/logs/access_log</location> > > </localfile> > > I haven't seen it, but I'm guessing this will also be in the apache format. > Have you ever looked at the logs? > > > But when i restart ossec i get this error :- > > /var/ossec/bin/ossec-control start > > Starting OSSEC HIDS v2.5.1 (by Trend Micro Inc.)... > > 2011/06/28 23:39:58 ossec-execd(1226): ERROR: Error reading XML file > > '/var/ossec/etc/ossec.conf': XML ERR: Element not closed: <ossec_config > > (line 68). > > Can you suggest how to resolve this ? > > > > Look at line 68 or above. Look for a line that says "<ossec_config" > Or, check for an <ossec_config> without an </ossec_config>. > > Anything in a <> will need a corresponding </>. > -- "Want to be a leader? Wash the Dishes When Nobody Else Will<http://thesash.me/wash-the-dishes-when-nobody-else-will> "
