Hi
After using ASL successfully for quite a while, the following error has suddenly started happening, both when ossec-hids is automatically restarted, and when I manually restart it. Does anybody have any idea how this can be fixed? Doing an asl -u shows everything is up to date, and also yum update is up-to-date... Any ideas greatly appreciated!
[root@xxxx tomkerswill]# /etc/init.d/ossec-hids start
Starting ossec-hids: 2008/11/15 19:41:55 ossec-analysisd: Invalid decoder name: 'smf-sav-reject'.
2008/11/15 19:41:55 ossec-analysisd(1220): ERROR: Error loading the rules: 'sendmail_rules.xml'.
[FAILED]
[root@xxxx tomkerswill]#
ossec-hids error no longer starting
- Forum User
- Posts: 40
- Joined: Mon Mar 26, 2007 9:47 am
Hi Scott
Ah, okay - when I issue that command I get:
[root@xxxx tomkerswill]# yum --enablerepo=asl-2.0-testing upgrade ossec-hids
Setting up Upgrade Process
Setting up repositories
asl-2.0-testing [1/9]
asl-2.0-testing 100% |=========================| 951 B 00:00
asl-2.0 [2/9]
asl-2.0 100% |=========================| 951 B 00:00
atomic [3/9]
atomic 100% |=========================| 951 B 00:00
updates-released [4/9]
updates-released 100% |=========================| 1.2 kB 00:00
plesk [5/9]
plesk 100% |=========================| 951 B 00:00
extras [6/9]
extras 100% |=========================| 1.1 kB 00:00
core [7/9]
core 100% |=========================| 1.1 kB 00:00
base [8/9]
base 100% |=========================| 1.1 kB 00:00
updates [9/9]
updates 100% |=========================| 1.2 kB 00:00
Reading repository metadata in from local files
Could not find update match for ossec-hids
No Packages marked for Update/Obsoletion
Here is the version I've got:
Available Packages
Name : ossec-hids
Arch : i386
Version: 1.5
Release: 3.fc5.art
Size : 45 k
Repo : asl-2.0
Summary: An Open Source Host-based Intrusion Detection System
Description:
OSSEC HIDS is an Open Source Host-based Intrusion Detection
System. It performs log analysis, integrity checking, rootkit
detection, time-based alerting and active response.
Cheers,
Tom
As of today's update, I'm getting:
[root@ds2271 httpdocs]# /etc/init.d/ossec-hids start
Starting ossec-hids: 2008/12/02 13:04:30 ossec-analysisd: Invalid decoder name: 'smf-sav-reject'.
2008/12/02 13:04:30 ossec-analysisd(1220): ERROR: Error loading the rules: 'sendmail_rules.xml'.
[FAILED]
I've tried using asl-testing but no updates are available (as I've updated to testing last go around)
Thanks!