Error on start wazuh-agent


Thiago Campos

Dec 19, 2017, 2:25:52 PM
to Wazuh mailing list
Hi all,

I'm getting an error when restarting wazuh-agent.

# /etc/init.d/wazuh-agent start
Starting OSSEC: 2017/12/19 16:56:30 ossec-execd: CRITICAL: (1226): Error reading XML file '/etc/ossec.conf':  (line 0).                  [FAILED]

I revised the configuration and did not find anything wrong.

Can someone help?

Thanks,

Thiago Campos

Victor Fernandez

Dec 19, 2017, 2:30:06 PM
to Thiago Campos, Wazuh mailing list
Hi Thiago,

I recommend either reading the ossec.log file:

# tail -n1000 /var/ossec/logs/ossec.log | grep execd

Or running the logtest tool:

# /var/ossec/bin/ossec-logtest -t

They should print a descriptive message of this issue.

Hope it helps.

Best regards,


 Victor M. Fernandez-Castro | Wazuh, Inc.


Thiago Campos

Dec 19, 2017, 5:17:07 PM
to Wazuh mailing list
Hi Victor,

The package wazuh-agent does not have ossec-logtest.

# rpm -ql wazuh-agent | grep bin
/var/ossec/active-response/bin
/var/ossec/active-response/bin/disable-account.sh
/var/ossec/active-response/bin/firewall-drop.sh
/var/ossec/active-response/bin/firewalld-drop.sh
/var/ossec/active-response/bin/host-deny.sh
/var/ossec/active-response/bin/ip-customblock.sh
/var/ossec/active-response/bin/ipfw.sh
/var/ossec/active-response/bin/ipfw_mac.sh
/var/ossec/active-response/bin/npf.sh
/var/ossec/active-response/bin/ossec-slack.sh
/var/ossec/active-response/bin/ossec-tweeter.sh
/var/ossec/active-response/bin/pf.sh
/var/ossec/active-response/bin/restart-ossec.sh
/var/ossec/active-response/bin/route-null.sh
/var/ossec/bin
/var/ossec/bin/agent-auth
/var/ossec/bin/manage_agents
/var/ossec/bin/ossec-agentd
/var/ossec/bin/ossec-control
/var/ossec/bin/ossec-execd
/var/ossec/bin/ossec-logcollector
/var/ossec/bin/ossec-lua
/var/ossec/bin/ossec-luac
/var/ossec/bin/ossec-syscheckd
/var/ossec/bin/util.sh
/var/ossec/bin/wazuh-modulesd

-----

# tail -n1000 /var/ossec/logs/ossec.log | grep execd
2017/12/11 19:39:50 ossec-execd: INFO: (1314): Shutdown received. Deleting responses.
2017/12/11 19:39:50 ossec-execd: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...
2017/12/11 21:39:53 ossec-execd: CRITICAL: (1226): Error reading XML file '/etc/ossec.conf':  (line 0).
2017/12/19 13:08:03 ossec-execd: CRITICAL: (1226): Error reading XML file '/etc/ossec.conf':  (line 0).
2017/12/19 13:39:49 ossec-execd: CRITICAL: (1226): Error reading XML file '/etc/ossec.conf':  (line 0).
2017/12/19 13:40:04 ossec-execd: CRITICAL: (1226): Error reading XML file '/etc/ossec.conf':  (line 0).
2017/12/19 13:43:13 ossec-execd: CRITICAL: (1226): Error reading XML file '/etc/ossec.conf':  (line 0).
2017/12/19 13:45:08 ossec-execd: CRITICAL: (1226): Error reading XML file '/etc/ossec.conf':  (line 0).
2017/12/19 13:53:44 ossec-execd: CRITICAL: (1226): Error reading XML file '/etc/ossec.conf':  (line 0).
2017/12/19 14:02:03 ossec-execd: CRITICAL: (1226): Error reading XML file '/etc/ossec.conf':  (line 0).
2017/12/19 14:02:42 ossec-execd: CRITICAL: (1226): Error reading XML file '/etc/ossec.conf':  (line 0).


Thanks for the help,

Thiago Campos

pablo....@wazuh.com

Dec 26, 2017, 7:23:11 AM
to Wazuh mailing list
Hi, Thiago,

The ossec.conf file is sensitive to XML syntax; your file may have some format error. Try to check your configuration file carefully to be sure that every tag is correctly closed.

On the other hand, if you have copied any code fragments from the documentation and pasted them directly into ossec.conf, you might have errors; try handwriting all the changes you want to include.

Greetings.

Pablo Sanchez.
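
A well-formedness check along the lines of the advice above, as an added example (not part of the thread and not Wazuh's own tooling): it reports the line of the first unclosed or mismatched tag and flags typographic characters that tend to come along with pasted snippets. It uses Python's standard expat parser rather than the agent's own parser, so a clean result is only an approximation; the function name and the sample configurations are constructed for illustration.

```python
import sys
import xml.parsers.expat

# Typographic characters that tend to arrive with text pasted from web pages.
SUSPECT = {"\u201c", "\u201d", "\u2018", "\u2019", "\u2013", "\u2014", "\u00a0"}


def check_conf(text):
    """Return [(line, message), ...] for problems found in an ossec.conf body."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for ch in sorted(set(line) & SUSPECT):
            findings.append((lineno, "suspect character U+%04X" % ord(ch)))
    # Assumption: the file has no XML declaration. Wrapping it in one synthetic
    # root lets a file holding several <ossec_config> blocks parse as one document.
    parser = xml.parsers.expat.ParserCreate()
    try:
        parser.Parse("<wrapper>\n" + text + "\n</wrapper>", True)
    except xml.parsers.expat.ExpatError as err:
        # err.lineno counts the added <wrapper> line, so shift it back by one.
        msg = xml.parsers.expat.ErrorString(err.code)
        findings.append((err.lineno - 1, "XML error: " + msg))
    return findings


# Constructed samples, not taken from the thread.
GOOD = """<ossec_config>
  <client><server-ip>192.0.2.10</server-ip></client>
</ossec_config>
<ossec_config>
  <syscheck><frequency>43200</frequency></syscheck>
</ossec_config>
"""
UNCLOSED = """<ossec_config>
  <syscheck>
    <frequency>43200</frequency>
    <directories check_all="yes">/etc,/usr/bin
  </syscheck>
</ossec_config>
"""
PASTED = ('<ossec_config>\n  <syscheck>\n    <directories check_all=\u201cyes\u201d>'
          '/etc</directories>\n  </syscheck>\n</ossec_config>\n')

if __name__ == "__main__":
    # Pass the path to ossec.conf as the first argument; defaults to a sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else UNCLOSED
    for lineno, message in check_conf(text):
        print("line %d: %s" % (lineno, message))
```

The reported line is where the parser gave up, which for an unclosed tag is the first closing tag that does not match, so the actual mistake is at or above that line.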

Thiago Campos

Dec 26, 2017, 7:58:12 AM
to pablo....@wazuh.com, Wazuh mailing list
Hi Pablo,

The error was a syntax mistake. Thanks for the reply.

Best regards, 

Thiago Campos
