Re: [ossec-list] linux_auditd log_format and configuration error in OSSEC 2.7 beta

2012-09-24 Thread dan (ddp)
On Thu, Sep 20, 2012 at 6:12 AM, PAL p...@pal.dp.ua wrote: I reinstalled ossec from scratch. All ran fine. Next I started to merge configs from the old installation into the new one, and got the error again. So I commented out the changes - now it works as expected :) I had two lines in the [global] section:

Re: [ossec-list] linux_auditd log_format and configuration error in OSSEC 2.7 beta

2012-09-24 Thread PAL
Is it possible you forgot the timeout in the server's ossec.conf entry? I get the same errors when I don't have a timeout configured. Really not. I just copy-pasted my config into my post. As you can see, the timeout value is defined. And even more strange here. Until my experiments error went

Re: [ossec-list] linux_auditd log_format and configuration error in OSSEC 2.7 beta

2012-09-20 Thread PAL
I reinstalled ossec from scratch. All ran fine. Next I started to merge configs from the old installation into the new one, and got the error again. So I commented out the changes - now it works as expected :) I had two lines in the [global] section: <stats>8</stats> <host_information>8</host_information> When I commented it,

Re: [ossec-list] linux_auditd log_format and configuration error in OSSEC 2.7 beta

2012-09-20 Thread Michael Starks
On 20.09.2012 10:24, Kat wrote: As you are finding out - enough has changed in the formatting and how the new configs are read. I have had a few issues trying to merge in old settings from 2.6 to 2.7 as well. Because of this, I might even suggest to the team that this not be 2.7 but a 3.0

[ossec-list] linux_auditd log_format and configuration error in OSSEC 2.7 beta

2012-09-19 Thread PAL
In ossec 2.7 a new log_format appeared: linux_auditd. I got a strange error. When I configure reading of audit.log on the agent side: <localfile> <log_format timeout=5>linux_auditd</log_format> <location>/var/log/audit/audit.log</location> </localfile> all works ok. But, when I wrote the same lines

Re: [ossec-list] linux_auditd log_format and configuration error in OSSEC 2.7 beta

2012-09-19 Thread dan (ddp)
On Wed, Sep 19, 2012 at 12:15 PM, PAL p...@pal.dp.ua wrote: In ossec 2.7 a new log_format appeared: linux_auditd. I got a strange error. When I configure reading of audit.log on the agent side: <localfile> <log_format timeout=5>linux_auditd</log_format>

Re: [ossec-list] linux_auditd log_format and configuration error in OSSEC 2.7 beta

2012-09-19 Thread Kat
I ran into the same problem - *IF* you try updating a 2.6 install with the beta - you must REPLACE it. So no to upgrade and then delete the existing folder (when it asks) and install new 2.7. Otherwise it keeps some files (have not verified which) that cause this. On Wednesday, September 19,

Re: [ossec-list] linux_auditd log_format and configuration error in OSSEC 2.7 beta

2012-09-19 Thread PAL
Thank you. It really - ossec was updated from 2.6 (but rpm, is it important?) I will try to do that tomorrow. On Wednesday, September 19, 2012, at 19:25:19 UTC+3, Kat wrote: I ran into the same problem - *IF* you try updating a 2.6 install with the beta - you must REPLACE it. So no to