At the end of ./install.sh OSSEC HIDS v2.7.1 Stopped Starting OSSEC HIDS v2.8 (by Trend Micro Inc.)... ossec-analysisd: Configuration error. Exiting.
- Configuration finished properly. service ossec start Starting OSSEC: [FAILED] from ossec.log 2014/06/04 11:48:27 ossec-execd(1314): INFO: Shutdown received. Deleting responses. 2014/06/04 11:48:27 ossec-execd(1225): INFO: SIGNAL Received. Exit Cleaning... 2014/06/04 11:48:28 ossec-testrule: INFO: Reading local decoder file. 2014/06/04 11:48:28 ossec-analysisd: Invalid decoder name: 'bro-ids'. 2014/06/04 11:48:28 ossec-testrule(1220): ERROR: Error loading the rules: 'bro-ids_rules.xml'. 2014/06/04 11:49:32 ossec-testrule: INFO: Reading local decoder file. 2014/06/04 11:49:32 ossec-analysisd: Invalid decoder name: 'bro-ids'. 2014/06/04 11:49:32 ossec-testrule(1220): ERROR: Error loading the rules: 'bro-ids_rules.xml'. Contents of ossec-init.conf: DIRECTORY="/var/ossec" VERSION="v2.8" DATE="Wed Jun 4 11:48:28 CDT 2014" TYPE="local" Per another email message, deleting the line in /var/ossec/etc/ossec.conf that includes the bro-ids.xml file fixed things. -- -- Steve -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.