Oke doke Thank you.

On Wed, Jun 29, 2011 at 1:36 AM, Christopher Moraes <[email protected]> wrote:

> No. No changes to the manager are needed.
>
> On Tue, Jun 28, 2011 at 3:27 PM, SystemAli <[email protected]> wrote:
>
>> Dan :
>>
>> do we also need to modify the Manager in any way for these new log files
>> to get logged there ?
>>
>> On Wed, Jun 29, 2011 at 12:42 AM, dan (ddp) <[email protected]> wrote:
>>
>>> There's an extra '<' character on the last line.
>>>
>>> # /var/ossec/bin/ossec-logtest -t -c ./ossec.test
>>> 2011/06/28 15:10:52 ossec-config(1226): ERROR: Error reading XML file
>>> './ossec.test': XML ERR: End of file and some elements were not closed
>>> (line 79).
>>> 2011/06/28 15:10:52 ossec-testrule(1202): ERROR: Configuration error
>>> at './ossec.test'. Exiting.
>>> # echo $?
>>> 1
>>>
>>> ## REMOVE THE EXTRA '<' ON THE LAST LINE
>>>
>>> # /var/ossec/bin/ossec-logtest -t -c ./ossec.test
>>> 2011/06/28 15:11:15 ossec-testrule: INFO: Reading local decoder file.
>>> # echo $?
>>> 0
>>>
>>> On Tue, Jun 28, 2011 at 3:06 PM, SystemAli <[email protected]> wrote:
>>> > Dan :
>>> > My conf file is attached
>>> >
>>> > Thank you so much for extending your helping hand.
>>> >
>>> > On Wed, Jun 29, 2011 at 12:19 AM, dan (ddp) <[email protected]> wrote:
>>> >>
>>> >> On Tue, Jun 28, 2011 at 2:33 PM, SystemAli <[email protected]> wrote:
>>> >> > Yes,
>>> >> > the first one is an Apache format. Do I need to change the LOG_FORMAT
>>> >> > for this ? If yes, then what ?
>>> >>
>>> >> <log_format>apache</log_format>
>>> >>
>>> >> > And yes, there were additional "</ossec_config>" in the file which I
>>> >> > have removed, but yet get the same error :(
>>> >> > Thank you once again
>>> >> >
>>> >>
>>> >> There's either an extra </ossec_config> still in the file, or the
>>> >> "<ossec_config" in the message you sent is causing the breakage.
>>> >> Feel free to send me the ossec.conf, I can try to read it for you.
>>> >>
>>> >> > On Tue, Jun 28, 2011 at 11:48 PM, dan (ddp) <[email protected]> wrote:
>>> >> >>
>>> >> >> Hi SystemAli,
>>> >> >>
>>> >> >> On Tue, Jun 28, 2011 at 2:10 PM, SystemAli <[email protected]> wrote:
>>> >> >> > Chris :
>>> >> >> > I edited the ossec.conf and added these containers in it :-
>>> >> >> > <localfile>
>>> >> >> > <log_format>syslog</log_format>
>>> >> >> > <location>/usr/local/apache/logs/access_log</location>
>>> >> >> > </localfile>
>>> >> >>
>>> >> >> This is probably in the apache format
>>> >> >>
>>> >> >> > </ossec_config>
>>> >> >>
>>> >> >> This </ossec_config> tag seems to be in the wrong place.
>>> >> >>
>>> >> >> > <localfile>
>>> >> >> > <log_format>syslog</log_format>
>>> >> >> > <location>/usr/local/cpanel/logs/access_log</location>
>>> >> >> > </localfile>
>>> >> >>
>>> >> >> I haven't seen it, but I'm guessing this will also be in the apache
>>> >> >> format.
>>> >> >> Have you ever looked at the logs?
>>> >> >>
>>> >> >> > But when I restart ossec I get this error :-
>>> >> >> > /var/ossec/bin/ossec-control start
>>> >> >> > Starting OSSEC HIDS v2.5.1 (by Trend Micro Inc.)...
>>> >> >> > 2011/06/28 23:39:58 ossec-execd(1226): ERROR: Error reading XML file
>>> >> >> > '/var/ossec/etc/ossec.conf': XML ERR: Element not closed:
>>> >> >> > <ossec_config
>>> >> >> > (line 68).
>>> >> >> > Can you suggest how to resolve this ?
>>> >> >> >
>>> >> >>
>>> >> >> Look at line 68 or above. Look for a line that says "<ossec_config"
>>> >> >> Or, check for an <ossec_config> without an </ossec_config>.
>>> >> >>
>>> >> >> Anything in a <> will need a corresponding </>.
>>> >> >
>>> >> > --
>>> >> > "Want to be a leader? Wash the Dishes When Nobody Else Will"
>>> >> >
>>> >
>>> > --
>>> > "Want to be a leader? Wash the Dishes When Nobody Else Will"
>>> >
>>
>> --
>> "Want to be a leader? Wash the Dishes When Nobody Else Will" <http://thesash.me/wash-the-dishes-when-nobody-else-will>
>>
>

--
"Want to be a leader? Wash the Dishes When Nobody Else Will" <http://thesash.me/wash-the-dishes-when-nobody-else-will>
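
An added example, not part of the original thread and not OSSEC code: a small Python check that reports, with line numbers, the three mistakes diagnosed above (a misplaced `</ossec_config>`, an element that is never closed, and a stray `<`). The function name `check_conf` and the sample config are constructed for illustration; `ossec-logtest -t -c`, as run in the thread, remains the authoritative test.

```python
import re

# A comment, an open/close/self-closing tag, or a lone '<' that is not a tag.
TOKEN = re.compile(r"<!--.*?-->|<(/?)([A-Za-z_][\w.-]*)[^<>]*?(/?)>|<", re.S)

def check_conf(text):
    """Return sorted (line, message) problems for an ossec.conf-style file."""
    problems, stack = [], []          # stack holds (tag name, line opened)
    for m in TOKEN.finditer(text):
        line = text.count("\n", 0, m.start()) + 1
        tok = m.group(0)
        if tok.startswith("<!--"):
            continue
        if tok == "<":
            problems.append((line, "stray '<' that does not start a tag"))
            continue
        closing, name, self_closing = m.groups()
        if self_closing:
            continue
        if closing:
            if stack and stack[-1][0] == name:
                stack.pop()
            else:
                problems.append((line, f"</{name}> has no matching open tag"))
            continue
        # Assumption: every setting must sit inside an <ossec_config> block.
        if not stack and name != "ossec_config":
            problems.append((line, f"<{name}> is outside <ossec_config>"))
        stack.append((name, line))
    problems += [(ln, f"<{name}> is never closed") for name, ln in stack]
    return sorted(problems)

# Constructed sample reproducing the mistakes diagnosed in the thread.
SAMPLE = """<ossec_config>
  <localfile>
    <log_format>apache</log_format>
    <location>/usr/local/apache/logs/access_log</location>
  </localfile>
</ossec_config>
  <localfile>
    <log_format>apache</log_format>
    <location>/usr/local/cpanel/logs/access_log</location>
  </localfile>
</ossec_config>
<
"""

if __name__ == "__main__":
    for line, msg in check_conf(SAMPLE):
        print(f"line {line}: {msg}")
```

Running a check like this on a copy of the file before `ossec-control start` catches the error while the running daemons are still up.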
