On Fri, Sep 30, 2016 at 11:01 AM, Rui Da-Costa <[email protected]> wrote: > I stripped the default file to try and isolate, the only thing i have in the > file now is: > > <decoder name="pam"> > <program_name>(pam_unix)$</program_name> > </decoder> > > how can I debug this further?
Is this in the decoder.xml file? I saw different errors when I changed that file. However, adding a decoder to the ossec.conf file gave me the following errors: 2016/10/03 07:46:39 ossec-testrule(1230): ERROR: Invalid element in the configuration: 'decoder'. 2016/10/03 07:46:39 ossec-testrule(1202): ERROR: Configuration error at '/var/ossec/etc/ossec.conf'. Exiting. 2016/10/03 07:46:39 ossec-testrule(1202): ERROR: Configuration error at '/var/ossec/etc/ossec.conf'. Exiting. > Am running the 2.8.3 AUR version for ArchLinux > (https://aur.archlinux.org/packages/ossec-agent/) > > Thanks in advance, > R > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
