On 06/08/2014 01:32 PM, PAL 18 wrote:
I upgraded OSSEC, and on service startup i get this error:
ossec-analysisd: Configuration error. Exiting.
In ossec.log, I tracked it down to:
2014/06/08 14:27:00 ossec-testrule: INFO: Reading local decoder file.
2014/06/08 14:27:00 ossec-analysisd: Invalid decoder name: 'bro-ids'.
2014/06/08 14:27:00 ossec-testrule(1220): ERROR: Error loading the
rules: 'bro-i
ds_rules.xml'.
Here's a one-liner to fix this which hopefully will be helpful. It's
only lightly tested...
source /etc/ossec-init.conf && sed -i
's/<include>bro-ids_rules.xml<\/include>/<!--
<include>bro-ids_rules.xml<\/include> -->/g' $DIRECTORY/etc/ossec.conf
--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
