Thanks! I had not thought of this possibility, next time I check. Sorry.
On 28 juil, 17:13, Daniel Cid <[email protected]> wrote: > Hey, > > The issue is that the portsentry-attackalert was added to the release > already :) So it fails due to the > duplicated names... > > Thanks, > > -- > Daniel B. Cid > dcid @ ossec.net > > > > > > > > On Thu, Jul 28, 2011 at 11:56 AM, Blauch Armand <[email protected]> wrote: > > Hello, > > > I've tested before OSSEC 2.5 and I've use some decoder for porsentry. > > When I tried these decoders on OSSEC 2.6 I have some mistakes like > > theses: > > ******************************************************************* > > Started ossec-remoted... > > 2011/07/28 16:42:04 ossec-syscheckd(1210): ERROR: Queue '/etc/ossec/ > > queue/ossec/queue' not accessible: 'Connection refused'. > > 2011/07/28 16:42:04 ossec-rootcheck(1210): ERROR: Queue '/etc/ossec/ > > queue/ossec/queue' not accessible: 'Connection refused'. > > 2011/07/28 16:42:12 ossec-syscheckd(1210): ERROR: Queue '/etc/ossec/ > > queue/ossec/queue' not accessible: 'Connection refused'. > > 2011/07/28 16:42:12 ossec-rootcheck(1210): ERROR: Queue '/etc/ossec/ > > queue/ossec/queue' not accessible: 'Connection refused'. > > 2011/07/28 16:42:25 ossec-syscheckd(1210): ERROR: Queue '/etc/ossec/ > > queue/ossec/queue' not accessible: 'Connection refused'. > > 2011/07/28 16:42:25 ossec-rootcheck(1211): ERROR: Unable to access > > queue: '/etc/ossec/queue/ossec/queue'. Giving up.. > > ***************************************************************** > > > I tried many, many things, and I find my error, the new ossec 2.6 > > doesn't accept anymore the "-" in the decoder name. > > > When my decoder name is <decoder name="portsentry-attackalert">, ossec > > doesn't want to restart. > > When my decoder name is <decoder name="portsentryattackalert"> ossec > > restart without any problem. > > When my decoder name is <decoder name="portsentryattackalert2"> ossec > > restart without any problem. > > > I'm sorry if this issue was already documented, I haven't find the > > explanation on ossec website or in the 2.6 "What is new?" web page. > > May be this can help somebody. > > > It is normal? or it's a "bug" of the 2.6 release?
