On Tuesday, August 29, 2017 at 12:34:59 PM UTC-5, dan (ddpbsd) wrote: > > The broids rules were removed and the IDs repurposed. >
Thanks. so rm -f /var/ossec/rules/bro-ids_rules.xml and start should be the resolution for this issue? > > On Aug 29, 2017 1:33 PM, "upen" <[email protected] <javascript:>> > wrote: > >> Hello, >> >> Just installed this to update local from 2.7 to 2.9.1 but start failed. >> >> >> 2017/08/29 12:15:30 ossec-testrule: INFO: Reading local decoder file. >> 2017/08/29 12:15:30 ossec-analysisd: Duplicate rule ID:52000 >> 2017/08/29 12:15:30 ossec-testrule(1220): ERROR: Error loading the rules: >> 'bro-ids_rules.xml'. >> 2017/08/29 12:17:07 ossec-testrule: INFO: Reading local decoder file. >> 2017/08/29 12:17:07 ossec-analysisd: Duplicate rule ID:52000 >> 2017/08/29 12:17:07 ossec-testrule(1220): ERROR: Error loading the rules: >> 'bro-ids_rules.xml'. >> >> >> cat /etc/ossec-init.conf >> DIRECTORY="/var/ossec" >> VERSION="v2.9.1" >> DATE="Tue Aug 29 12:15:29 CDT 2017" >> TYPE="local" >> >> Following XMLs were found with duplicate IDs. >> >> /var/ossec/rules/apparmor_rules.xml: <rule id="52000" level="3"> >> /var/ossec/rules/bro-ids_rules.xml: <rule id="52000" level="0"> >> >> >> Any help is appreciated! Thank you! >> >> ~UG. >> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> For more options, visit https://groups.google.com/d/optout. >> > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
