On Tue, Apr 2, 2013 at 5:04 PM, Paul Dittrich wrote:
>
> Brand-new OSSEC user.
>
> Fresh install of Debian 6.0.7 with OSSEC 2.7 Everything working
> perfectly until the first time I tried to edit a <___>rules.xml file.
>
> Then I get "OSSEC analysisd: Testing rules failed. Configuration erro
>> Data Security Mgr, Boulder County IT
>> CISSP GSEC GCIH
>>
>>
>> -Original Message-
>> From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On
>> Behalf Of dan (ddp)
>> Sent: Monday, March 21, 2011 12:09
>> To: ossec-li
:ossec-list@googlegroups.com] On
> Behalf Of Castle, Shane
> Sent: Monday, March 21, 2011 7:44 PM
> To: ossec-list@googlegroups.com
> Subject: RE: [ossec-list] ossec-logtest error
>
> I doubt that the trend-osce decoder is of any use anymore. The current
> versions of Trend OfficeSc
current releases. No
decoder needed.
--
Shane Castle
Data Security Mgr, Boulder County IT
CISSP GSEC GCIH
-Original Message-
From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On
Behalf Of dan (ddp)
Sent: Monday, March 21, 2011 12:09
To: ossec-list@googlegroups.com
Subj
Try:
^20\d\d\d\d\d\d\p;\p
^\d+\p;\p\S+\p;\p(\d+)\p;
id
2011/3/21 Branimir Pačar :
> Hi all,
>
>
>
> I have fresh instalation of ossec server 2.5.1 on AIX server. I didn't
> modify anything yet in decoder or rules, but when i try to run ossec-logtest
> i get following error:
>
>
>
> 2011/0
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/21/2011 07:19 AM, Branimir Pačar wrote:
> Hi all,
>
> 2011/03/21 12:03:36 ossec-analysisd(1226): ERROR: Error reading XML file
> 'etc/decoder.xml': XML ERR: Element not closed: ; (line 1635).
What's on line 1635?
> When I look in decoder.xml t
