Also, ensure you are using 900.local.conf and not editing ossec.conf directly on agents. On FreeBSD, and probably other operating systems, upgrades to OSSEC might overwrite ossec.conf.
The full path is /usr/local/ossec-hids/etc/ossec.conf.d/900.local.conf -Gordon On Saturday, May 25, 2019 at 7:17:22 PM UTC-4, Gordon Ewasiuk wrote: > > (sorry for top-posting but im stuck in the list web-interface) > > > Protocol and probably port are invalid options on agents. The server > defines the port and protocol, not the agent. > > I tested this on one of my agents: > > (from ossec.log) > > 2019/05/25 18:59:54 ossec-agentd(1230): ERROR: Invalid element in the > configuration: 'protocol'. > 2019/05/25 18:59:54 ossec-agentd(1202): ERROR: Configuration error at > '/usr/local/ossec-hids/etc/ossec.conf'. Exiting. > 2019/05/25 18:59:54 ossec-agentd(1215): ERROR: No client configured. > Exiting. > > On Saturday, May 25, 2019 at 1:39:05 PM UTC-4, Carlos Lopez wrote: >> >> Hi all, >> >> I have installed Ossec 3.3.0 from source in a FreeBSD 12 host to work >> as an agent, but when I try to start ossec daemons via ossec-control >> script returns this error: >> >> Starting OSSEC HIDS v3.3.0... >> OSSEC analysisd: Testing rules failed. Configuration error. Exiting. >> >> My ossec.conf in this agent is pretty simple: >> >> <ossec_config> >> <client> >> <server> >> <address>172.22.59.11</address> >> <port>2312</port> >> <protocol>udp</protocol> >> </server> >> </client> >> </ossec_config> >> >> Any tips? >> -- >> Regards, >> C. L. Martinez >> > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/b76fafcc-24dc-451a-90d6-3a5be0ba6b1f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
