Have you tried enabling active response?
> On Dec 1, 2015, at 10:10, Greg Nowicki wrote:
>
> Yes, I have done that. It appears to read all of the rules and I don't get
> any errors. I have removed almost all customization of the tool in hopes that
> the problem was mine. So
Very weird, no errors in ossec.log either, right? Not even with the -d -d option?
I would try to compile it again from scratch and see if that is still
happening.
Best
On Tue, Dec 1, 2015 at 12:10 PM, Greg Nowicki wrote:
> Yes, I have done that. It appears to read all of the rules and I don't get
>
Hi,
a little late, but have you tried running it manually to check if it is a
configuration issue?
/var/ossec/bin/ossec-analysisd -t
Best
On Mon, Nov 30, 2015 at 9:18 AM, Greg Nowicki wrote:
> Thanks for the reply. Yes, I had thought of the permissions, should have
> mentioned that in the ori
I actually had this issue today as well. I was creating a custom rule to
ignore a particularly noisy host, and after I restarted the OSSEC service I
received this same error. As it turned out, I had simply typed the rule
incorrectly. Rather than , I had written
. After removing the erra