ossec / ossec-hids

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
http://www.ossec.net

Error config #1305

Closed borbelyau closed 5 years ago

borbelyau commented 6 years ago

Hey guys... How are you? When I install ossec... I don't know why my /var/ossec/queue/ossec is empty! I reinstalled and it is the same error.

Thanks

ddpbsd commented 6 years ago

What is the error you receive?

borbelyau commented 6 years ago

That directory is empty

ddpbsd commented 6 years ago

Strange, I'm not seeing that error message in the source:

[ddp@ix] :; pwd
/home/ddp/src/projects/git/github/ddpbsd/ossec-hids
[ddp@ix] :; grep -ri 'directory is empty' *
[ddp@ix] :;

borbelyau commented 6 years ago

/var/ossec/queue/ossec

borbelyau commented 6 years ago

2017/10/31 11:35:09 ossec-testrule(1226): ERROR: Error reading XML file '/var/ossec/etc/ossec.conf': XMLERR: Element 'jsonout_output' not closed. (line 3).
2017/10/31 11:35:09 ossec-testrule(1202): ERROR: Configuration error at '/var/ossec/etc/ossec.conf'. Exiting.
2017/10/31 11:35:32 ossec-testrule(1226): ERROR: Error reading XML file '/var/ossec/etc/ossec.conf': XMLERR: Element 'jsonout_output' not closed. (line 3).
2017/10/31 11:35:32 ossec-testrule(1202): ERROR: Configuration error at '/var/ossec/etc/ossec.conf'. Exiting.

ddpbsd commented 6 years ago

2017/10/31 11:35:09 ossec-testrule(1226): ERROR: Error reading XML file '/var/ossec/etc/ossec.conf': XMLERR: Element 'jsonout_output' not closed. (line 3).

That seems pretty self-explanatory. Perhaps you mis-typed </json_output>? I do that kind of thing constantly.
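
Added example, not part of the original thread and not OSSEC's own parser: a minimal tag-balance check that reports the same class of error ("Element ... not closed", with the line where the element was opened) before the daemons are restarted. The sample config `BROKEN_CONF` is constructed for illustration and the function name `first_tag_error` is an assumption of this example.

```python
import re

# Opening, closing and self-closing tags. Attribute values containing '>' are
# not handled; that is enough for a typical ossec.conf.
TAG_RE = re.compile(r"<(/?)([A-Za-z_][\w.-]*)[^<>]*?(/?)>")
COMMENT_RE = re.compile(r"<!--.*?-->", re.DOTALL)

# Constructed sample: line 3 opens <jsonout_output> but closes </json_output>.
BROKEN_CONF = """<ossec_config>
  <global>
    <jsonout_output>yes</json_output>
  </global>
</ossec_config>
"""


def first_tag_error(text):
    """Return (line, message) for the first unbalanced element, or None."""
    # Blank out comments but keep their newlines so line numbers stay accurate.
    text = COMMENT_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), text)
    stack = []  # (element name, line where it was opened)
    for m in TAG_RE.finditer(text):
        closing, name, self_closing = m.groups()
        line = text.count("\n", 0, m.start()) + 1
        if self_closing:
            continue
        if not closing:
            stack.append((name, line))
        elif not stack:
            return line, f"closing tag </{name}> has no matching opening tag"
        elif stack[-1][0] != name:
            open_name, open_line = stack[-1]
            return open_line, (f"element '{open_name}' not closed "
                               f"(found </{name}> on line {line})")
        else:
            stack.pop()
    if stack:
        open_name, open_line = stack[-1]
        return open_line, f"element '{open_name}' not closed before end of file"
    return None


if __name__ == "__main__":
    print(first_tag_error(BROKEN_CONF))
    print(first_tag_error(BROKEN_CONF.replace("</json_output>", "</jsonout_output>")))
```

To check a real file, pass its contents to the function, for example `first_tag_error(open('/var/ossec/etc/ossec.conf').read())`.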