On Wed, Sep 19, 2012 at 12:15 PM, PAL <[email protected]> wrote:
> In ossec 2.7 a new log_format appeared: linux_auditd
> I got a strange error.
>
> When I configure it to read audit.log on the agent side:
>
>> <localfile>
>> <log_format timeout="5">linux_auditd</log_format>
>> <location>/var/log/audit/audit.log</location>
>> </localfile>
>
> all works OK.
>
> But when I wrote the same lines on the server host, I got an error:
>
> 2012/09/19 12:03:08 ossec-config(1243): ERROR: Invalid attribute
> 'log_format' in the configuration: 'linux_auditd'.
> 2012/09/19 12:03:08 ossec-config(1202): ERROR: Configuration error at
> '/var/ossec/etc/ossec.conf'. Exiting.
> 2012/09/19 12:03:08 ossec-logcollector(1202): ERROR: Configuration error at
> '/var/ossec/etc/ossec.conf'. Exiting.
>
> When I set log_format to syslog OR comment out all rules, I have no errors.
>
> Is there any way to fix it?

Are you sure your OSSEC server is running version 2.7?
