[ossec-list] help with in agent.conf on 2.6 server

Mon, 11 Aug 2014 10:25:36 -0700 

Hello.  I have and agent.conf file that throws errors when I attempt to 
specify a particular agent with the name command.  here is the 
configuration:
<agent_config>

<agent_config name="logger.hpc">
  <localfile>
    <location>/var/log/hpc_logs</location>
    <log_format>syslog</log_format>
  </localfile>
</agent_config>

  <command>
    <name>restart-ossec</name>
    <executable>restart-ossec.sh</executable>
    <expect></expect>
  </command>

  <active-response>
    <command>restart-ossec</command>
    <location>local</location>
    <rules_id>510010</rules_id>
  </active-response>

  <localfile>
    <log_format>syslog</log_format>
    <location>/var/ossec/logs/active-responses.log</location>
  </localfile>

  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/messages</location>
  </localfile>

</agent_config>

These are the errors I get:
sudo /var/ossec/bin/verify-agent-conf
2014/08/11 17:13:16 ossec-config(1230): ERROR: Invalid element in the 
configuration: 'agent_config'.
2014/08/11 17:13:16 ossec-config(1202): ERROR: Configuration error at 
'/var/ossec/etc/shared/agent.conf'. Exiting.

If I take out just the <agent_config name="logger.hpc"> and the matching 
</agent_config>, the errors go away.
I have tried using just "logger" and get the same errors.
I have tried a different agent without a period in the name (did have a 
dash), same errors. As far as Ic an tell, my formatting is correct per the 
documentation 
here: 
http://ossec-docs.readthedocs.org/en/latest/manual/agent/agent-configuration.html

I am running 2.6 because my central server is a Security Onion box, and 
their distro has not updated to 2.7 or 2.8.  the agent.conf file IS getting 
pushed to my 2.7.1 agents just fine, and THEY throw the same errors - twice 
each time I restart OSSEC.  I've spent the last couple hours going through 
the mailing list to see if I could find an answer, if it's here, I'm 
missing it.  ANy help would be greatly appreciated.  I just added two 
agents that I need to write more custom sections for, but I'm not confident 
I can at this point.  Thanks!

Steve

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to