On Mon, Feb 17, 2020 at 9:25 AM Burkhard Schultheis <burkhard.schulth...@web.de> wrote: > > Hi, > > I want to get an email from OSSEC when a port is opened or closed in the > firewall. Therefore I changed "no_log" in firewall_rules.xml to "log". > But the OSSEC failed to start. What's wrong? How to get the desired > emails for firewall changes? It's OSSEC v3.3.0 on CentOS 6.10. >
What do you mean by "a port is opened or closed in the firewall?" Do you mean when a program is listening on a port, or the ruleset is modified to allow traffic through a particular port? What type of firewall? I don't think "log" is a valid value for <options>. Just remove the line. You can look at the ossec.log on the server for more details as to why it's failing. > Thanks in advance! > > Regards > Burkhard > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ossec-list/359319ec-a624-3014-710b-68b871fa514d%40web.de. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/CAMyQvMqY6pHX8yYqigUqkBjvTniGZ1v0uAfkXi95ONgwmSM3og%40mail.gmail.com.