If you do not use GEOIP, remove it from src/Config.OS and recompile/reinstall OSSEC.
If you do use GEOIP, update "etc/internal_options.conf" to add maild.geoip=1. Refer to documentation on http://ossec-docs.readthedocs.org/en/latest/syntax/head_internal_options.analysisd.html And more information on GEOIP support is on http://www.ossec.net/files/ossec-hids-2.7-release-note.txt On Friday, January 17, 2014 12:29:09 PM UTC-8, Ian Martinez wrote: > > I recently got this error starting my ossec server > # /var/ossec/bin/ossec-control start > Starting OSSEC HIDS v2.7.1 (by Trend Micro Inc.)... > Started ossec-agentlessd... > ossec-maild did not start correctly. > > This is what i get from /var/ossec/logs/ossec.log > ossec-maild(2301): ERROR: Definition not found for: 'maild.geoip'. > > > Any ideas how to fix it or what is causing the problem? Is there any idea > i can reconfigure ossec server without losing my agents? > > Thank you in advance. > > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
