duplicate rules error - v.2.9.1

77 views
Skip to first unread message

upen

unread,
Aug 29, 2017, 1:33:40 PM8/29/17
to ossec-list
Hello,

Just installed this to update local from 2.7 to 2.9.1 but start failed.


2017/08/29 12:15:30 ossec-testrule: INFO: Reading local decoder file.
2017/08/29 12:15:30 ossec-analysisd: Duplicate rule ID:52000
2017/08/29 12:15:30 ossec-testrule(1220): ERROR: Error loading the rules: 'bro-ids_rules.xml'.
2017/08/29 12:17:07 ossec-testrule: INFO: Reading local decoder file.
2017/08/29 12:17:07 ossec-analysisd: Duplicate rule ID:52000
2017/08/29 12:17:07 ossec-testrule(1220): ERROR: Error loading the rules: 'bro-ids_rules.xml'.


cat /etc/ossec-init.conf
DIRECTORY="/var/ossec"
VERSION="v2.9.1"
DATE="Tue Aug 29 12:15:29 CDT 2017"
TYPE="local"

Following XMLs were found with duplicate IDs.

/var/ossec/rules/apparmor_rules.xml:  <rule id="52000" level="3">
/var/ossec/rules/bro-ids_rules.xml:  <rule id="52000" level="0">


Any help is appreciated! Thank you!

~UG.

dan (ddp)

unread,
Aug 29, 2017, 1:34:59 PM8/29/17
to ossec...@googlegroups.com
The broids rules were removed and the IDs repurposed. 

--

---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Up

unread,
Aug 29, 2017, 1:37:24 PM8/29/17
to ossec-list


On Tuesday, August 29, 2017 at 12:34:59 PM UTC-5, dan (ddpbsd) wrote:
The broids rules were removed and the IDs repurposed. 

Thanks. so rm -f /var/ossec/rules/bro-ids_rules.xml and start should be the resolution for this issue?


 

On Aug 29, 2017 1:33 PM, "upen" <upendra...@gmail.com> wrote:
Hello,

Just installed this to update local from 2.7 to 2.9.1 but start failed.


2017/08/29 12:15:30 ossec-testrule: INFO: Reading local decoder file.
2017/08/29 12:15:30 ossec-analysisd: Duplicate rule ID:52000
2017/08/29 12:15:30 ossec-testrule(1220): ERROR: Error loading the rules: 'bro-ids_rules.xml'.
2017/08/29 12:17:07 ossec-testrule: INFO: Reading local decoder file.
2017/08/29 12:17:07 ossec-analysisd: Duplicate rule ID:52000
2017/08/29 12:17:07 ossec-testrule(1220): ERROR: Error loading the rules: 'bro-ids_rules.xml'.


cat /etc/ossec-init.conf
DIRECTORY="/var/ossec"
VERSION="v2.9.1"
DATE="Tue Aug 29 12:15:29 CDT 2017"
TYPE="local"

Following XMLs were found with duplicate IDs.

/var/ossec/rules/apparmor_rules.xml:  <rule id="52000" level="3">
/var/ossec/rules/bro-ids_rules.xml:  <rule id="52000" level="0">


Any help is appreciated! Thank you!

~UG.

--

---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com.

Up

unread,
Aug 29, 2017, 1:42:40 PM8/29/17
to ossec-list


On Tuesday, August 29, 2017 at 12:37:24 PM UTC-5, Up wrote:


On Tuesday, August 29, 2017 at 12:34:59 PM UTC-5, dan (ddpbsd) wrote:
The broids rules were removed and the IDs repurposed. 

Thanks. so rm -f /var/ossec/rules/bro-ids_rules.xml and start should be the resolution for this issue?

Never mind. I removed the insertions of those rules  from /var/ossec/etc/ossec.conf.

 
Reply all
Reply to author
Forward
0 new messages