Hi Barry,
File /var/ossec/etc/local_decoder.xml must exist and contain at less one
decoder, although it is a dummy one, for example:
<decoder name="local_decoder_example">
<program_name>local_decoder_example</program_name>
</decoder>
Try to create that file and fill it with the content above and restar ossec
with: /var/ossec/bin/ossec-control restart.
Hope it help.
Best regards.
On Wednesday, March 8, 2017 at 12:41:27 AM UTC-8, Barry Kaplan wrote:
>
> Looks like the config entries for local_decor was the culprit. Not sure
> why that did not cause a problem the first time ossec was installed.
>
> On Wednesday, March 8, 2017 at 9:26:49 AM UTC+1, Barry Kaplan wrote:
>>
>> The only errors on ossec. log not about queues is
>>
>> 2017/03/08 08:06:38 ossec-analysisd(1226): ERROR: Error reading XML file
>> 'etc/local_decoder.xml
>> ': XMLERR: File 'etc/local_decoder.xml' not found. (line 126).
>> 2017/03/08 08:06:38 ossec-analysisd(1202): ERROR: Configuration error at
>> 'etc/local_decoder.xml
>> '. Exiting.
>>
>>
>>
>>
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
