On Wed, Oct 2, 2019 at 1:06 PM Jerry Lowry <michaiah2...@gmail.com> wrote:
>
> Dan,
> I have noticed that when the application is started and there are errors like:
> 2019/10/02 10:03:15 ossec-maild(1235): ERROR: Invalid value for element 'format': sms.

I think I removed this fairly recently.

> 019/10/02 10:03:15 ossec-dbd(5202): ERROR: Error connecting to database '10.10.10.108'(ossec): ERROR: Access denied for user ''@'ossec' to database 'ossec'.
>

That's an odd error, like the username wasn't specified?

> When you stop ossec it does NOT kill the ossec-dbd process. Also, the book
> specifies the use of 'format' sms for email alerts but it says it's an
> invalid value.
>

How are you stopping it? /var/ossec/bin/ossec-control stop?

> jerry
>
> On Wed, Oct 2, 2019 at 9:00 AM Jerry Lowry <michaiah2...@gmail.com> wrote:
>>
>> thanks Dan!
>> That was the problem. Rebuilt Pcre with --enable-jit=no and it is off and
>> running. This is my test VM where I installed MariaDB. I will add an agent
>> to it and see if it has the same problem as my physical server.
>>
>> jerry
>>
>> On Wed, Oct 2, 2019 at 4:00 AM dan (ddp) <ddp...@gmail.com> wrote:
>>>
>>> On Tue, Oct 1, 2019 at 1:13 PM Jerry Lowry <michaiah2...@gmail.com> wrote:
>>> >
>>> > List,
>>> >
>>> > I just installed a test VM running Centos 7 and installed ossec 3.3.0.
>>> > Ran through the script and took all the default questions except for the
>>> > email. When I try to start ossec these are the errors I get in the log:
>>> > 019/09/27 16:21:53 ossec-analysisd(1450): ERROR: Syntax error on regex: '(pam_unix)$': 9.
>>> > 2019/09/27 16:21:53 ossec-testrule(1202): ERROR: Configuration error at '/etc/decoder.xml'. Exiting.
>>> > 2019/09/27 16:29:41 ossec-analysisd(1450): ERROR: Syntax error on regex: '(pam_unix)$': 9.
>>> > 2019/09/27 16:29:41 ossec-testrule(1202): ERROR: Configuration error at '/etc/decoder.xml'. Exiting.
>>> > 2019/09/30 08:49:07 ossec-analysisd(1450): ERROR: Syntax error on regex: '(pam_unix)$': 9.
>>> > 2019/09/30 08:49:07 ossec-testrule(1202): ERROR: Configuration error at '/etc/decoder.xml'. Exiting.
>>> > 2019/09/30 09:37:55 ossec-analysisd(1450): ERROR: Syntax error on regex: '(pam_unix)$': 9.
>>> > 2019/09/30 09:37:55 ossec-testrule(1202): ERROR: Configuration error at '/etc/decoder.xml'. Exiting.
>>> > I have not touched any of the rules or configuration files as they were
>>> > set up based on the question in the installation script.
>>> >
>>> > So, what am I missing? Shouldn't this run with a default install?
>>> >
>>>
>>> I think this is a pcre2 issue. I ran into it a bunch of times when I
>>> didn't disable JIT on a system that didn't support the JIT.
>>>
>>> > jerry
>>> >
>>> > ps....no errors during the installation/compilation
>>> >
>>> > --
>>> >
>>> > ---
>>> > You received this message because you are subscribed to the Google Groups
>>> > "ossec-list" group.
>>> > To unsubscribe from this group and stop receiving emails from it, send an
>>> > email to ossec-list+unsubscr...@googlegroups.com.
>>> > To view this discussion on the web visit
>>> > https://groups.google.com/d/msgid/ossec-list/c9a3f10d-b29c-444c-a678-0bb0d18f7b38%40googlegroups.com.