Try to run:
# /var/ossec/bin/ossec-logcollector -V
To see if you have the right version installed (2.5.1). And on the
configuration you have to set like Dan (ddp) said: "multi-line:
"
Thanks,
On Thu, Dec 2, 2010 at 4:54 PM, Shaikat Majumdar
wrote:
> I tried the solution you suggested and it
I tried the solution you suggested and it does not rectify the problem.
Still getting the same error message on the ossec.conf file.
The other question I had on this can I specify a range for the number of
lines for an entry, (for example: let's say 1 to 50), in the case of a
multi-line log_fo
It was pointed out to me on IRC that the should include
the number of lines expected in an event.
For example if each entry is 10 lines long:
multi-line: 10
On Wed, Dec 1, 2010 at 3:43 PM, Shaikat Majumdar wrote:
> I have tested the multi-line stuff by using the forensic analysis feature of
> lo
I have tested the multi-line stuff by using the forensic analysis feature of
log files (cat /tmp/foo.log | /var/ossec/bin/ossec-logtest -a) and it works.
That is what led me to believe this might be a non-issue or maybe a
syntactical issue.
Here is the config section in the ossec.conf file which i
On Wed, Dec 1, 2010 at 1:18 PM, Shaikat wrote:
> Yes I get the same error.
>
> Also, I want to configure my agents centrally so that is why I am
> using the agent.conf file.
>
Understood, it was just a test. I haven't tried the multiline stuff yet.
> However, as I stated above the error does not
Yes I get the same error.
Also, I want to configure my agents centrally so that is why I am
using the agent.conf file.
However, as I stated above the error does not prevent the agent from
restarting.
Maybe this is a non-issue. I just wanted to clarify whether this error
message can be safely igno
On Wed, Dec 1, 2010 at 12:29 PM, Shaikat wrote:
> Hi,
>
> Thanks for answering my question.
>
> Another related question to the agent.conf file. As you can see I am
> using the multi-line log_format introduced in version 2.5.1.
>
> When I try to recycle an agent I get this error:
>
> Started ossec
Hi,
Thanks for answering my question.
Another related question to the agent.conf file. As you can see I am
using the multi-line log_format introduced in version 2.5.1.
When I try to recycle an agent I get this error:
Started ossec-syscheckd...
Completed.
Killing ossec-logcollector ..
Killing os
