Hi, Thanks for answering my question.
Another related question to the agent.conf file. As you can see I am using the multi-line log_format introduced in version 2.5.1. When I try to recycle an agent I get this error: Started ossec-syscheckd... Completed. Killing ossec-logcollector .. Killing ossec-syscheckd .. Killing ossec-agentd .. Killing ossec-execd .. OSSEC HIDS v2.5.1 Stopped Starting OSSEC HIDS v2.5.1 (by Trend Micro Inc.)... Started ossec-execd... Started ossec-agentd... 2010/11/30 17:55:39 ossec-config(1235): ERROR: Invalid value for element 'log_format': multi-line. 2010/11/30 17:55:39 ossec-config(1202): ERROR: Configuration error at '/var/ossec/etc/shared/agent.conf'. Exiting.Started ossec- logcollector... Both the server and the client are running the same version of OSSEC HIDS viz., version 2.5.1. Inspite of the above error the agent starts up fine. Any idea what this error message means and if it is not an error but just a warning is there anyway this message can be suppressed ? Thanks again, Shaikat On Dec 1, 12:16 pm, "dan (ddp)" <ddp...@gmail.com> wrote: > 2010/12/1 Shaikat Majumdar <smajum...@millburncorp.com>: > > > I have created a agent.conf file for centralized agent configuration > > (/var/ossec/etc/shared/agent.conf). The file is attached. > > > I am trying to test OSSEC rules/config before deploying these changes. > > > So I followed the instructions posted on the link > >http://www.ossec.net/main/manual/creating-a-separated-directory-for-t... > > and then tried to run the following command. > > > I created the directory ossectest under "~/sandbox" instead of using the > > "/tmp" directory. > > > /var/ossec/bin/ossec-logtest -D ~/sandbox/ossectest/ -c > > ~/sandbox/ossectest/etc/shared/agent.conf > > You need to use etc/ossec.conf with logtest, it doesn't check on the > agent.conf. > > > > > > > > > 2010/12/01 12:07:50 ossec-config(1230): ERROR: Invalid element in the > > configuration: 'agent_config'. > > 2010/12/01 12:07:50 ossec-testrule(1202): ERROR: Configuration error at > > '/home/smajumdar/sandbox/ossectest/etc/shared/agent.conf'. Exiting. > > > Can someone explain what this error message means and how it can be > > rectified ?? > > > I am using OSSEC HIDS v2.5.1 > > > /var/ossec/bin/ossec-logtest -V > > > OSSEC HIDS v2.5.1 - Trend Micro Inc. > > > This program is free software; you can redistribute it and/or modify > > it under the terms of the GNU General Public License (version 2) as > > published by the Free Software Foundation. For more details, go to > >http://www.ossec.net/main/license/ > > > Thanks, > > Shaikat Majumdar > > Millburn Ridgefield Corporation
