On Thu, Aug 18, 2011 at 7:56 AM, Peter M Abraham <[email protected]> wrote: > Good day, Dan: > > /var/ossec/bin/ossec-logtest -t > 2011/08/18 07:55:39 ossec-testrule: INFO: Reading local decoder file. >
Then there's a good chance your rules are fine. > > And nothing in /var/ossec/logs. > If there is NOTHING in /var/ossec/logs then something went wrong with the installation. What OS/distro/version are you using? Maybe there's an issue with that particular one. > > > What else can I try? > First time? ok, you can try: Providing us with more information. Like, when do you get the error? Where do you see the error? What have you tried (other than what I provided)? What did you change? Is ossec-analysisd actually dead? What do you see in ossec.log when you restart the ossec processes? I'm willing to bet that you hit the ossec-control script bug that has the wrong path to ossec-logtest. See if ossec-analysisd is actually running. > Thank you. >
