My ossec.conf file:
--------------------------
<ossec_config>
<global>
<!-- Global alerting settings: e-mail notification is switched on and mail is
     handed to the SMTP host named below. -->
<email_notification>yes</email_notification>
<!-- NOTE(review): the recipient below appears to have been masked by the
     page's e-mail obfuscation; the real address is not visible here. -->
<email_to>[email protected]</email_to>
<!-- NOTE(review): this looks like a public Google mail exchanger rather than a
     local relay; confirm it accepts mail for the recipient's domain. -->
<smtp_server>ASPMX2.GOOGLEMAIL.com.</smtp_server>
<!-- NOTE(review): the sender domain is a bare hostname, not a fully qualified
     domain; an external mail server may reject or spam-filter it. -->
<email_from>ossecm@ossec-server</email_from>
</global>
<database_output>
<!-- Sends alerts to a MySQL database named "ossec" on the local host. -->
<!-- NOTE(review): database output presumably needs an OSSEC build with
     database support enabled; confirm before relying on this section. -->
<hostname>localhost</hostname>
<!-- NOTE(review): this connects as the MySQL root account with a password
     equal to the username. Use a dedicated account whose privileges are
     limited to the ossec database, give it a strong password, and keep
     ossec.conf readable only by root and the OSSEC user. Credentials that
     have been posted publicly should be rotated. -->
<username>root</username>
<password>root</password>
<database>ossec</database>
<type>mysql</type>
</database_output>
<rules>
<!-- Rule files to load, listed one per include. Only the uncommented includes
     are active: rules_config, pam, sshd, telnetd, syslog, asterisk, ossec,
     attack and local. -->
<!-- NOTE(review): one possible cause of "Testing rules failed" is an enabled
     rule that refers, through if_sid or a group match, to a rule defined in
     one of the files commented out below. The failing rule and file are
     normally named in the OSSEC log (logs/ossec.log under the install
     directory on a default install; confirm the path). -->
<!-- NOTE(review): disabling the firewall, web, mail, database and IDS rule
     files also removes alerting for those log sources; enable the ones that
     match services actually running on monitored hosts. -->
<include>rules_config.xml</include>
<include>pam_rules.xml</include>
<include>sshd_rules.xml</include>
<include>telnetd_rules.xml</include>
<include>syslog_rules.xml</include>
<!-- <include>arpwatch_rules.xml</include> -->
<!-- <include>symantec-av_rules.xml</include> -->
<!-- <include>symantec-ws_rules.xml</include> -->
<!-- <include>pix_rules.xml</include> -->
<!-- <include>named_rules.xml</include> -->
<!-- <include>smbd_rules.xml</include> -->
<!-- <include>vsftpd_rules.xml</include> -->
<!-- <include>pure-ftpd_rules.xml</include> -->
<!-- <include>proftpd_rules.xml</include> -->
<!-- <include>ms_ftpd_rules.xml</include> -->
<!-- <include>ftpd_rules.xml</include> -->
<!-- <include>hordeimp_rules.xml</include> -->
<!-- <include>roundcube_rules.xml</include> -->
<!-- <include>wordpress_rules.xml</include> -->
<!-- <include>cimserver_rules.xml</include> -->
<!-- <include>vpopmail_rules.xml</include> -->
<!-- <include>vmpop3d_rules.xml</include> -->
<!-- <include>courier_rules.xml</include> -->
<!-- <include>web_rules.xml</include> -->
<!-- <include>web_appsec_rules.xml</include> -->
<!-- <include>apache_rules.xml</include> -->
<!-- <include>nginx_rules.xml</include> -->
<!-- <include>php_rules.xml</include> -->
<!-- <include>mysql_rules.xml</include> -->
<!-- <include>postgresql_rules.xml</include> -->
<!-- <include>ids_rules.xml</include> -->
<!-- <include>squid_rules.xml</include> -->
<!-- <include>firewall_rules.xml</include> -->
<!-- <include>cisco-ios_rules.xml</include> -->
<!-- <include>netscreenfw_rules.xml</include> -->
<!-- <include>sonicwall_rules.xml</include> -->
<!-- <include>postfix_rules.xml</include> -->
<!-- <include>sendmail_rules.xml</include> -->
<!-- <include>imapd_rules.xml</include> -->
<!-- <include>mailscanner_rules.xml</include> -->
<!-- <include>dovecot_rules.xml</include> -->
<!-- <include>ms-exchange_rules.xml</include> -->
<!-- <include>racoon_rules.xml</include> -->
<!-- <include>vpn_concentrator_rules.xml</include> -->
<!-- <include>spamd_rules.xml</include> -->
<!-- <include>msauth_rules.xml</include> -->
<!-- <include>mcafee_av_rules.xml</include> -->
<!-- <include>trend-osce_rules.xml</include> -->
<!-- <include>ms-se_rules.xml</include> -->
<!-- <include>policy_rules.xml</include> -->
<!-- <include>zeus_rules.xml</include> -->
<!-- <include>solaris_bsm_rules.xml</include> -->
<!-- <include>vmware_rules.xml</include> -->
<!-- <include>ms_dhcp_rules.xml</include> -->
<include>asterisk_rules.xml</include>
<include>ossec_rules.xml</include>
<include>attack_rules.xml</include>
<!-- <include>openbsd_rules.xml</include> -->
<!-- <include>clam_av_rules.xml</include> -->
<!-- <include>bro-ids_rules.xml</include> -->
<!-- <include>dropbear_rules.xml</include> -->
<!-- local_rules.xml is included last, after the stock rule files above. -->
<include>local_rules.xml</include>
</rules>
----------------------------------------------------------------------------------
This is the modification I made. After it, when I restart OSSEC, I get
the error below.
root@ossec-server:/var/ossec/etc# /etc/init.d/ossec restart
ossec-monitord not running ..
ossec-logcollector not running ..
ossec-remoted not running ..
ossec-syscheckd not running ..
ossec-analysisd not running ..
ossec-maild not running ..
ossec-execd not running ..
ossec-dbd not running ..
OSSEC HIDS v2.7 Stopped
Starting OSSEC HIDS v2.7 (by Trend Micro Inc.)...
OSSEC analysisd: Testing rules failed. Configuration error. Exiting.
root@ossec-server:/var/ossec/etc#
Kindly help us; we need this configuration.