Hi dan,
It's work,
Only include two files:
<rules>
<include>rules_config.xml</include>
<include>ossec_rules.xml</include>
</rules>
And change config to rules_config.xml to:
<!-- @(#) $Id: ./etc/rules/rules_config.xml, 2011/09/08 dcid Exp $
- Rules config.
- Configuration options. This file must always be included, otherwise
- most of the rules will not work properly.
-
- Copyright (C) 2009 Trend Micro Inc.
- All rights reserved.
-
- This program is a free software; you can redistribute it
- and/or modify it under the terms of the GNU General Public
- License (version 2) as published by the FSF - Free Software
- Foundation.
-
- License details: http://www.ossec.net/en/licensing.html
-->
<group name="syslog">
<rule id="01" level="0" noalert="1">
<category>syslog</category>
<description>Generic template for all syslog rules.</description>
</rule>
</group>
<group name="ids">
<rule id="03" level="0" noalert="1">
<category>ids</category>
<description>Generic template for all ids rules.</description>
</rule>
</group>
<group name="windows">
<rule id="06" level="0" noalert="1">
<category>windows</category>
<description>Generic template for all windows rules.</description>
</rule>
</group>
<group name="ossec">
<rule id="07" level="0" noalert="1">
<category>ossec</category>
<description>Generic template for all ossec rules.</description>
</rule>
</group>
<!-- EOF -->
Restart ossec
Thanks for help!
El miércoles, 3 de mayo de 2017, 22:50:10 (UTC+2), dan (ddpbsd) escribió:
>
> On Tue, May 2, 2017 at 4:37 AM, Huc Manté Miras <hucm...@gmail.com
> <javascript:>> wrote:
> > Only its needed to include two rule files:
> >
> >
> > <rules>
> > <include>rules_config.xml</include>
> > <include>ossec_rules.xml</include>
> > </rules>
> >
>
> Using just those 2 files allows OSSEC to start for me.
> You can check the ossec.log for more information on why it failed. I'm
> guessing something in local_rules.xml that relied on a rule that was
> removed.
>
> >
> >
> > El martes, 2 de mayo de 2017, 10:24:23 (UTC+2), Huc Manté Miras
> escribió:
> >>
> >> Sorry man in the my last comment, i send the information.
> >>
> >> El miércoles, 26 de abril de 2017, 21:01:24 (UTC+2), dan (ddpbsd)
> >> escribió:
> >>>
> >>> On Wed, Apr 26, 2017 at 5:42 AM, Huc Manté Miras <hucm...@gmail.com>
> >>> wrote:
> >>> > I try to remove all includes but not work :(
> >>> >
> >>>
> >>> You provided me with no information to help correct the issue.
> >>>
> >>> > El martes, 25 de abril de 2017, 17:41:56 (UTC+2), dan (ddpbsd)
> >>> > escribió:
> >>> >>
> >>> >>
> >>> >>
> >>> >> On Apr 25, 2017 11:25 AM, "Huc Manté Miras" <hucm...@gmail.com>
> wrote:
> >>> >>
> >>> >> Hello,
> >>> >>
> >>> >> I try to disable all rules to ossec server.
> >>> >>
> >>> >> This is possible?
> >>> >>
> >>> >>
> >>> >> Have you tried removing the rules from the server's ossec.conf?
> >>> >>
> >>> >>
> >>> >>
> >>> >> Thanks!!
> >>> >>
> >>> >> --
> >>> >>
> >>> >> ---
> >>> >> You received this message because you are subscribed to the Google
> >>> >> Groups
> >>> >> "ossec-list" group.
> >>> >> To unsubscribe from this group and stop receiving emails from it,
> send
> >>> >> an
> >>> >> email to ossec-list+...@googlegroups.com.
> >>> >> For more options, visit https://groups.google.com/d/optout.
> >>> >>
> >>> >>
> >>> > --
> >>> >
> >>> > ---
> >>> > You received this message because you are subscribed to the Google
> >>> > Groups
> >>> > "ossec-list" group.
> >>> > To unsubscribe from this group and stop receiving emails from it,
> send
> >>> > an
> >>> > email to ossec-list+...@googlegroups.com.
> >>> > For more options, visit https://groups.google.com/d/optout.
> >
> > --
> >
> > ---
> > You received this message because you are subscribed to the Google
> Groups
> > "ossec-list" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an
> > email to ossec-list+...@googlegroups.com <javascript:>.
> > For more options, visit https://groups.google.com/d/optout.
>
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
