I have fixed this - not sure what the issue was - but clearing out the entire local_rules.xml and re-entering the rules has fixed the issue.
Thanks!

On Fri, Nov 8, 2013 at 12:57 PM, Mnemonyss <[email protected]> wrote:
> We are getting an error on line 65 of local_rules.xml
> 2013/11/08 12:37:43 ossec-analysisd(1226): ERROR: Error reading XML file 'rules//local_rules.xml': XML ERR: Element not closed: match (line 65).
> 2013/11/08 12:37:43 ossec-testrule(1220): ERROR: Error loading the rules: 'local_rules.xml'.
>
> The match element below corresponds with line 65.
> All of the tags have corresponding closed tags.
>
> <rule id="100011" level="11">
>   <decoded_as>windows</decoded_as>
>   <if_matched_group>syscheck</if_matched_group>
>   <match>D:\randomdir\random.exe</match>
>   <description>Changes to D:\randomdir\random.exe - Investigate if change is Authorized!</description>
> </rule>
>
> I am having a hard time figuring out what the issue is.
> I can comment out the match line and I will still get the same error.
