I just noticed that after the 2.6-beta update there are some empty tags placed in my server's ossec.conf file. After the section for <localfile> I have the following ...

    <localfile>
      <log_format>syslog</log_format>
      <location>/var/ossec/logs/active-responses.log</location>
    </localfile>

    </ossec_config>

    <ossec_config> <!-- rules global entry -->
    </ossec_config> <!-- rules global entry -->

    <ossec_config> <!-- rules global entry -->
    </ossec_config> <!-- rules global entry -->

    <ossec_config> <!-- rules global entry -->
    <rules>
      <include>rules_config.xml</include>

So now my configuration has two separate <ossec_config> sections that actually have settings and two empty. Doesn't seem to affect functionality in any way. Is there a preferred method for organizing the ossec.conf file as far as whether to include everything inside a single <ossec_config> tag or to split it up into multiple?

Thanks - Trey