On Tue, Jun 28, 2011 at 2:33 PM, SystemAli <[email protected]> wrote: > Yes, > the first one is an Apache format, DO i need to change the LOG_FORMAT for > this ? if yes, then what ?
<log_format>apache</log_format> > And yes. there were additional "</ossec_config>" in the file which i have > removed, But yet get the same error :( > than you once again > There's either an extra </ossec_config> still in the file, or the "<ossec_config" in the message you sent is causing the breakage. Feel free to send me the ossec.conf, I can try to read it for you. > On Tue, Jun 28, 2011 at 11:48 PM, dan (ddp) <[email protected]> wrote: >> >> Hi SystemAli, >> >> On Tue, Jun 28, 2011 at 2:10 PM, SystemAli <[email protected]> wrote: >> > Chris : >> > I edited the ossec.conf and added these container in it :- >> > <localfile> >> > <log_format>syslog</log_format> >> > <location>/usr/local/apache/logs/access_log</location> >> > </localfile> >> >> This is probably in the apache format >> >> > </ossec_config> >> >> This </ossec_config> tag seems to be in the wrong place. >> >> > <localfile> >> > <log_format>syslog</log_format> >> > <location>/usr/local/cpanel/logs/access_log</location> >> > </localfile> >> >> I haven't seen it, but I'm guessing this will also be in the apache >> format. >> Have you ever looked at the logs? >> >> > But when i restart ossec i get this error :- >> > /var/ossec/bin/ossec-control start >> > Starting OSSEC HIDS v2.5.1 (by Trend Micro Inc.)... >> > 2011/06/28 23:39:58 ossec-execd(1226): ERROR: Error reading XML file >> > '/var/ossec/etc/ossec.conf': XML ERR: Element not closed: <ossec_config >> > (line 68). >> > Can you suggest how to resolve this ? >> > >> >> Look at line 68 or above. Look for a line that says "<ossec_config" >> Or, check for an <ossec_config> without an </ossec_config>. >> >> Anything in a <> will need a corresponding </>. > > > > -- > "Want to be a leader? Wash the Dishes When Nobody Else Will" >
