On Tue, Jun 2, 2015 at 10:29 AM, James Siegel <[email protected]> wrote: > ok, thanks Dan, it is in the 2.8.1 documentation and I was just asked this > morning if I could configure it to alert via json... >
That's why I included the note about it being introduced in 2.9. That seemed like a fair trade off, but it looks like I may have to spend more time managing this in the future. > I'll try 2.9 although I think my boss will want to wait until out of beta... > so may have to wait for that > > > > > On Tuesday, June 2, 2015 at 10:19:50 AM UTC-4, James Siegel wrote: >> >> I edit my /var/ossec/etc/ossec.conf on the server... the <global> >> </global> section >> >> I add <jsonout_output>yes</jsonout_output> >> >> and restart my ossec server >> >> /var/ossec]# bin/ossec-control restart >> Killing ossec-monitord .. >> Killing ossec-logcollector .. >> Killing ossec-remoted .. >> Killing ossec-syscheckd .. >> Killing ossec-analysisd .. >> Killing ossec-maild .. >> Killing ossec-execd .. >> OSSEC HIDS v2.8 Stopped >> Starting OSSEC HIDS v2.8 (by Trend Micro Inc.)... >> OSSEC analysisd: Testing rules failed. Configuration error. Exiting. >> >> >> once I remove that line in my global section it starts fine >> it is only when I try adding json out that it appears to fail on me > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
