When I start ossec-hids via init script, ossec-analysisd dies shortly 
thereafter with the following error:

2016/09/13 01:07:43 ossec-analysisd: Rules in an inconsistent state. Exiting.

Interestingly enough, I don't see this issue if I simply start 
ossec-analysisd by itself using:

/var/ossec/bin/ossec-analysisd -d

In this case, the last message I see is:

2016/09/13 01:17:28 ossec-analysisd: DEBUG: Startup completed. Waiting for new messages..

Config and system info below.  Appreciate any assistance.  Cheers.

Todd Michael

-------------

*# version*
OSSEC HIDS v2.8.3 - Trend Micro Inc.

-------------

*# /etc/ossec-init.conf*
DIRECTORY="/var/ossec"
VERSION="2.8.3"
DATE="Fri Apr  8 14:30:15 EDT 2016"
TYPE="server"

-------------

*# /var/ossec/etc/ossec.conf*
<ossec_config>
  <syscheck>
    <frequency>21600</frequency>
    <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
    <directories check_all="yes">/bin,/sbin</directories>
    <ignore>/etc/mtab</ignore>
    <ignore>/etc/hosts.deny</ignore>
    <ignore>/etc/mail/statistics</ignore>
    <ignore>/etc/random-seed</ignore>
    <ignore>/etc/adjtime</ignore>
    <ignore>/etc/httpd/logs</ignore>
  </syscheck>
  <rootcheck>
    <disabled>no</disabled>
    <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
    <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
    <system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit>
  </rootcheck>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/messages</location>
  </localfile>
  <global>
    <email_notification>yes</email_notification>
    <email_from>oss...@ossec1.domain.com</email_from>
    <email_to>m...@mydomain.com</email_to>
    <smtp_server>127.0.0.1</smtp_server>
  </global>
  <alerts>
    <email_alert_level>7</email_alert_level>
    <log_alert_level>1</log_alert_level>
    <use_geoip>no</use_geoip>
  </alerts>
  <remote>
    <connection>secure</connection>
  </remote>
</ossec_config>

-------------

*# uname*
Linux ossec1-mgmt-usw2 3.10.0-327.10.1.el7.x86_64 #1 SMP Tue Feb 16 17:03:50 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux


