List, I just installed a test VM running Centos 7 and installed ossec 3.3.0. Ran through the script and took all the default questions except for the email. When I try to start ossec these are the errors I get in the log: 019/09/27 16:21:53 ossec-analysisd(1450): ERROR: Syntax error on regex: '(pam_unix)$': 9. 2019/09/27 16:21:53 ossec-testrule(1202): ERROR: Configuration error at '/etc/decoder.xml'. Exiting. 2019/09/27 16:29:41 ossec-analysisd(1450): ERROR: Syntax error on regex: '(pam_unix)$': 9. 2019/09/27 16:29:41 ossec-testrule(1202): ERROR: Configuration error at '/etc/decoder.xml'. Exiting. 2019/09/30 08:49:07 ossec-analysisd(1450): ERROR: Syntax error on regex: '(pam_unix)$': 9. 2019/09/30 08:49:07 ossec-testrule(1202): ERROR: Configuration error at '/etc/decoder.xml'. Exiting. 2019/09/30 09:37:55 ossec-analysisd(1450): ERROR: Syntax error on regex: '(pam_unix)$': 9. 2019/09/30 09:37:55 ossec-testrule(1202): ERROR: Configuration error at '/etc/decoder.xml'. Exiting. I have not touched any of the rules or configuration files as they were setup based on the question in the installation script.
so, what I am I missing. Shouldn't this run with a default install? jerry ps....no errors during the installation/compilation -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/c9a3f10d-b29c-444c-a678-0bb0d18f7b38%40googlegroups.com.
