On Thu, Dec 20, 2012 at 3:07 AM, Dhinakaran G <[email protected]> wrote:
> My ossec.conf file:
> --------------------------
>
> <ossec_config>
>   <global>
>     <email_notification>yes</email_notification>
>     <email_to>[email protected]</email_to>
>     <smtp_server>ASPMX2.GOOGLEMAIL.com.</smtp_server>
>     <email_from>ossecm@ossec-server</email_from>
>   </global>
>   <database_output>
>     <hostname>localhost</hostname>
>     <username>root</username>
>     <password>root</password>
>     <database>ossec</database>
>     <type>mysql</type>
>   </database_output>
>   <rules>
>     <include>rules_config.xml</include>
>     <include>pam_rules.xml</include>
>     <include>sshd_rules.xml</include>
>     <include>telnetd_rules.xml</include>
>     <include>syslog_rules.xml</include>
>     <!-- <include>arpwatch_rules.xml</include> -->
>     <!-- <include>symantec-av_rules.xml</include> -->
>     <!-- <include>symantec-ws_rules.xml</include> -->
>     <!-- <include>pix_rules.xml</include> -->
>     <!-- <include>named_rules.xml</include> -->
>     <!-- <include>smbd_rules.xml</include> -->
>     <!-- <include>vsftpd_rules.xml</include> -->
>     <!-- <include>pure-ftpd_rules.xml</include> -->
>     <!-- <include>proftpd_rules.xml</include> -->
>     <!-- <include>ms_ftpd_rules.xml</include> -->
>     <!-- <include>ftpd_rules.xml</include> -->
>     <!-- <include>hordeimp_rules.xml</include> -->
>     <!-- <include>roundcube_rules.xml</include> -->
>     <!-- <include>wordpress_rules.xml</include> -->
>     <!-- <include>cimserver_rules.xml</include> -->
>     <!-- <include>vpopmail_rules.xml</include> -->
>     <!-- <include>vmpop3d_rules.xml</include> -->
>     <!-- <include>courier_rules.xml</include> -->
>     <!-- <include>web_rules.xml</include> -->
>     <!-- <include>web_appsec_rules.xml</include> -->
>     <!-- <include>apache_rules.xml</include> -->
>     <!-- <include>nginx_rules.xml</include> -->
>     <!-- <include>php_rules.xml</include> -->
>     <!-- <include>mysql_rules.xml</include> -->
>     <!-- <include>postgresql_rules.xml</include> -->
>     <!-- <include>ids_rules.xml</include> -->
>     <!-- <include>squid_rules.xml</include> -->
>     <!-- <include>firewall_rules.xml</include> -->
>     <!-- <include>cisco-ios_rules.xml</include> -->
>     <!-- <include>netscreenfw_rules.xml</include> -->
>     <!-- <include>sonicwall_rules.xml</include> -->
>     <!-- <include>postfix_rules.xml</include> -->
>     <!-- <include>sendmail_rules.xml</include> -->
>     <!-- <include>imapd_rules.xml</include> -->
>     <!-- <include>mailscanner_rules.xml</include> -->
>     <!-- <include>dovecot_rules.xml</include> -->
>     <!-- <include>ms-exchange_rules.xml</include> -->
>     <!-- <include>racoon_rules.xml</include> -->
>     <!-- <include>vpn_concentrator_rules.xml</include> -->
>     <!-- <include>spamd_rules.xml</include> -->
>     <!-- <include>msauth_rules.xml</include> -->
>     <!-- <include>mcafee_av_rules.xml</include> -->
>     <!-- <include>trend-osce_rules.xml</include> -->
>     <!-- <include>ms-se_rules.xml</include> -->
>     <!-- <include>policy_rules.xml</include> -->
>     <!-- <include>zeus_rules.xml</include> -->
>     <!-- <include>solaris_bsm_rules.xml</include> -->
>     <!-- <include>vmware_rules.xml</include> -->
>     <!-- <include>ms_dhcp_rules.xml</include> -->
>     <include>asterisk_rules.xml</include>
>     <include>ossec_rules.xml</include>
>     <include>attack_rules.xml</include>
>     <!-- <include>openbsd_rules.xml</include> -->
>     <!-- <include>clam_av_rules.xml</include> -->
>     <!-- <include>bro-ids_rules.xml</include> -->
>     <!-- <include>dropbear_rules.xml</include> -->
>     <include>local_rules.xml</include>
>   </rules>
> ----------------------------------------------------------------------------------
> This is the modification I did; after this, when I restart ossec, I am
> getting the below error.
>
>
> root@ossec-server:/var/ossec/etc# /etc/init.d/ossec restart
> ossec-monitord not running ..
> ossec-logcollector not running ..
> ossec-remoted not running ..
> ossec-syscheckd not running ..
> ossec-analysisd not running ..
> ossec-maild not running ..
> ossec-execd not running ..
> ossec-dbd not running ..
> OSSEC HIDS v2.7 Stopped
> Starting OSSEC HIDS v2.7 (by Trend Micro Inc.)...
> OSSEC analysisd: Testing rules failed. Configuration error. Exiting.
> root@ossec-server:/var/ossec/etc#
>

/var/ossec/bin/ossec-logtest -t

You've misconfigured something. Run the above command and check ossec.log.
I'm guessing you disabled too many rule files and a dependency isn't met,
but it's hard to tell when you haven't started troubleshooting your mistake.

>
> Kindly help us, this configuration we need.
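
The guess in the reply above, that a disabled rule file leaves a dependency unmet, can be checked mechanically. The following is an added example, not part of the original thread and not OSSEC's own code: it lists rules whose `<if_sid>` or `<if_matched_sid>` parent is not defined in any rule file still enabled in ossec.conf. It ignores load order and group-based dependencies, and the sample file names and rule IDs are constructed.

```python
import re

COMMENT = re.compile(r"<!--.*?-->", re.S)
INCLUDE = re.compile(r"<include>\s*([^<\s]+)\s*</include>")
RULE = re.compile(r'<rule\s+id="(\d+)"[^>]*>(.*?)</rule>', re.S)
PARENT = re.compile(r"<(if_sid|if_matched_sid)>([^<]*)</\1>")

def enabled_includes(conf_text):
    """Rule files still active in ossec.conf (commented-out includes ignored)."""
    return INCLUDE.findall(COMMENT.sub("", conf_text))

def unmet_dependencies(conf_text, read_rules):
    """(file, rule_id, missing_sid) for parent SIDs that no enabled file defines."""
    # read_rules(name) must return the text of the named rule file.
    rules = {n: RULE.findall(COMMENT.sub("", read_rules(n)))
             for n in enabled_includes(conf_text)}
    defined = {rid for found in rules.values() for rid, _ in found}
    missing = []
    for name, found in rules.items():
        for rid, body in found:
            for _, sids in PARENT.findall(body):
                for sid in re.findall(r"\d+", sids):  # if_sid may list several
                    if sid not in defined:
                        missing.append((name, rid, sid))
    return sorted(missing)

# Constructed sample: file names and rule IDs are hypothetical.
SAMPLE_CONF = """<ossec_config><rules>
  <!-- <include>base_rules.xml</include> -->
  <include>app_rules.xml</include>
  <include>local_rules.xml</include>
</rules></ossec_config>"""
SAMPLE_RULES = {
    "base_rules.xml": '<group name="base,"><rule id="100001" level="0">'
                      "<description>Base rule.</description></rule></group>",
    "app_rules.xml": '<group name="app,"><rule id="100010" level="5">'
                     "<if_sid>100001</if_sid><match>failed</match>"
                     "<description>Needs base rule.</description></rule>"
                     '<rule id="100011" level="10" frequency="4">'
                     "<if_matched_sid>100010</if_matched_sid>"
                     "<description>Repeated.</description></rule></group>",
    "local_rules.xml": '<group name="local,"><rule id="100100" level="3">'
                       "<if_sid>100010, 100002</if_sid>"
                       "<description>Local rule.</description></rule></group>",
}

if __name__ == "__main__":
    print(unmet_dependencies(SAMPLE_CONF, SAMPLE_RULES.__getitem__))
```

To run it against a real installation, pass the contents of ossec.conf and a reader for the rules directory, for example `lambda n: open("/var/ossec/rules/" + n).read()`, assuming the rule files live under /var/ossec/rules.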
