On Tuesday, August 29, 2017 at 12:37:24 PM UTC-5, Up wrote: > > > > On Tuesday, August 29, 2017 at 12:34:59 PM UTC-5, dan (ddpbsd) wrote: >> >> The broids rules were removed and the IDs repurposed. >> > > Thanks. so rm -f /var/ossec/rules/bro-ids_rules.xml and start should be > the resolution for this issue? >
Never mind. I removed the insertions of those rules from /var/ossec/etc/ossec.conf. > > > > >> >> On Aug 29, 2017 1:33 PM, "upen" <[email protected]> wrote: >> >>> Hello, >>> >>> Just installed this to update local from 2.7 to 2.9.1 but start failed. >>> >>> >>> 2017/08/29 12:15:30 ossec-testrule: INFO: Reading local decoder file. >>> 2017/08/29 12:15:30 ossec-analysisd: Duplicate rule ID:52000 >>> 2017/08/29 12:15:30 ossec-testrule(1220): ERROR: Error loading the >>> rules: 'bro-ids_rules.xml'. >>> 2017/08/29 12:17:07 ossec-testrule: INFO: Reading local decoder file. >>> 2017/08/29 12:17:07 ossec-analysisd: Duplicate rule ID:52000 >>> 2017/08/29 12:17:07 ossec-testrule(1220): ERROR: Error loading the >>> rules: 'bro-ids_rules.xml'. >>> >>> >>> cat /etc/ossec-init.conf >>> DIRECTORY="/var/ossec" >>> VERSION="v2.9.1" >>> DATE="Tue Aug 29 12:15:29 CDT 2017" >>> TYPE="local" >>> >>> Following XMLs were found with duplicate IDs. >>> >>> /var/ossec/rules/apparmor_rules.xml: <rule id="52000" level="3"> >>> /var/ossec/rules/bro-ids_rules.xml: <rule id="52000" level="0"> >>> >>> >>> Any help is appreciated! Thank you! >>> >>> ~UG. >>> >>> -- >>> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "ossec-list" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> For more options, visit https://groups.google.com/d/optout. >>> >> -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
