Thank you. It really - ossec was updated from 2.6 (but rpm, is it important?) I will try to do that tomorrow.
среда, 19 сентября 2012 г., 19:25:19 UTC+3 пользователь Kat написал: > > I ran into the same problem - *IF* you try updating a 2.6 install with the > beta - you must REPLACE it. So "no" to upgrade and then delete the existing > folder (when it asks) and install new 2.7. Otherwise it keeps some files > (have not verified which) that cause this. > > > > On Wednesday, September 19, 2012 9:21:09 AM UTC-7, dan (ddpbsd) wrote: >> >> On Wed, Sep 19, 2012 at 12:15 PM, PAL <p...@pal.dp.ua> wrote: >> > In ossec 2.7 a new log_format appeared: linux_auditd >> > I got a strange error. >> > >> > When I configure for read audit.log on agent side: >> > >> >> <localfile> >> >> <log_format timeout="5">linux_auditd</log_format> >> >> <location>/var/log/audit/audit.log</location> >> >> </localfile> >> > >> > >> > all work ok. >> > >> > But, when I wrote same lines on server host - I got error: >> > >> > 2012/09/19 12:03:08 ossec-config(1243): ERROR: Invalid attribute >> > 'log_format' in the configuration: 'linux_auditd'. >> > 2012/09/19 12:03:08 ossec-config(1202): ERROR: Configuration error at >> > '/var/ossec/etc/ossec.conf'. Exiting. >> > 2012/09/19 12:03:08 ossec-logcollector(1202): ERROR: Configuration >> error at >> > '/var/ossec/etc/ossec.conf'. Exiting. >> > >> > When I set log_format to syslog OR comment out all rules, I have no >> errors. >> > >> > Is any way to fix it? >> > >> > >> >> Are you sure your OSSEC server is running version 2.7? >> >