On Wed, Dec 1, 2010 at 12:29 PM, Shaikat <sm277...@gmail.com> wrote: > Hi, > > Thanks for answering my question. > > Another related question to the agent.conf file. As you can see I am > using the multi-line log_format introduced in version 2.5.1. > > When I try to recycle an agent I get this error: > > Started ossec-syscheckd... > Completed. > Killing ossec-logcollector .. > Killing ossec-syscheckd .. > Killing ossec-agentd .. > Killing ossec-execd .. > OSSEC HIDS v2.5.1 Stopped > Starting OSSEC HIDS v2.5.1 (by Trend Micro Inc.)... > Started ossec-execd... > Started ossec-agentd... > 2010/11/30 17:55:39 ossec-config(1235): ERROR: Invalid value for > element 'log_format': multi-line. > 2010/11/30 17:55:39 ossec-config(1202): ERROR: Configuration error at > '/var/ossec/etc/shared/agent.conf'. Exiting.Started ossec- > logcollector... > > Both the server and the client are running the same version of OSSEC > HIDS viz., version 2.5.1. > > Inspite of the above error the agent starts up fine. > > Any idea what this error message means and if it is not an error but > just a warning is there anyway this message can be suppressed ? > > Thanks again, > Shaikat
If you put that part of the configuration in the ossec.conf do you still get the error? > > On Dec 1, 12:16 pm, "dan (ddp)" <ddp...@gmail.com> wrote: >> 2010/12/1 Shaikat Majumdar <smajum...@millburncorp.com>: >> >> > I have created a agent.conf file for centralized agent configuration >> > (/var/ossec/etc/shared/agent.conf). The file is attached. >> >> > I am trying to test OSSEC rules/config before deploying these changes. >> >> > So I followed the instructions posted on the link >> >http://www.ossec.net/main/manual/creating-a-separated-directory-for-t... >> > and then tried to run the following command. >> >> > I created the directory ossectest under "~/sandbox" instead of using the >> > "/tmp" directory. >> >> > /var/ossec/bin/ossec-logtest -D ~/sandbox/ossectest/ -c >> > ~/sandbox/ossectest/etc/shared/agent.conf >> >> You need to use etc/ossec.conf with logtest, it doesn't check on the >> agent.conf. >> >> >> >> >> >> >> >> > 2010/12/01 12:07:50 ossec-config(1230): ERROR: Invalid element in the >> > configuration: 'agent_config'. >> > 2010/12/01 12:07:50 ossec-testrule(1202): ERROR: Configuration error at >> > '/home/smajumdar/sandbox/ossectest/etc/shared/agent.conf'. Exiting. >> >> > Can someone explain what this error message means and how it can be >> > rectified ?? >> >> > I am using OSSEC HIDS v2.5.1 >> >> > /var/ossec/bin/ossec-logtest -V >> >> > OSSEC HIDS v2.5.1 - Trend Micro Inc. >> >> > This program is free software; you can redistribute it and/or modify >> > it under the terms of the GNU General Public License (version 2) as >> > published by the Free Software Foundation. For more details, go to >> >http://www.ossec.net/main/license/ >> >> > Thanks, >> > Shaikat Majumdar >> > Millburn Ridgefield Corporation