ERROR: Error reading XML file 'etc/decoder.xml' -> No sense
420 views
Skip to first unread message
NewRules
Jan 12, 2011, 9:59:41 AM1/12/11
to ossec-list
Hi,
I just make a fresh install the version 2.5.1 of ossec on an AIX
server. But when I try to start OSSEC i get this :
> ./bin/ossec-control start
> Starting OSSEC HIDS v2.5.1 (by Trend Micro Inc.)...
> 2011/01/12 15:49:03 ossec-analysisd(1226): ERROR: Error reading XML file 'etc/decoder.xml': XML ERR: Bad
> formed XML. Element not opened (line 1923).
> 2011/01/12 15:49:03 ossec-testrule(1202): ERROR: Configuration error at '/etc/decoder.xml'.
> Exiting. ossec-analysisd: Configuration error. Exiting.
I looked at etc/decoder.xml and there is nothing to declare about an
element that is not opened.
Does someone has already experienced something weird like this ? And
do you have a solution ?
FYI : I didn't have this problem with OSSEC 2.4.
Thanks !
I just make a fresh install the version 2.5.1 of ossec on an AIX
server. But when I try to start OSSEC i get this :
> ./bin/ossec-control start
> Starting OSSEC HIDS v2.5.1 (by Trend Micro Inc.)...
> 2011/01/12 15:49:03 ossec-analysisd(1226): ERROR: Error reading XML file 'etc/decoder.xml': XML ERR: Bad
> formed XML. Element not opened (line 1923).
> 2011/01/12 15:49:03 ossec-testrule(1202): ERROR: Configuration error at '/etc/decoder.xml'.
> Exiting. ossec-analysisd: Configuration error. Exiting.
I looked at etc/decoder.xml and there is nothing to declare about an
element that is not opened.
Does someone has already experienced something weird like this ? And
do you have a solution ?
FYI : I didn't have this problem with OSSEC 2.4.
Thanks !
dan (ddp)
Jan 12, 2011, 2:24:14 PM1/12/11
to ossec...@googlegroups.com
Did you modify the decoder.xml? I haven't seen any reports of issues
from anyone else, and I don't see anything odd around line 1923 in the
current decoder.xml.
NewRules
Jan 16, 2011, 10:43:23 AM1/16/11
to ossec-list
On 12 jan, 20:24, "dan (ddp)" <ddp...@gmail.com> wrote:
> Did you modify the decoder.xml? I haven't seen any reports of issues
> from anyone else, and I don't see anything odd around line 1923 in the
> current decoder.xml.
Michael Starks
Jan 16, 2011, 10:57:22 AM1/16/11
to ossec...@googlegroups.com
On 01/12/2011 08:59 AM, NewRules wrote:
> Hi,
>
> I just make a fresh install the version 2.5.1 of ossec on an AIX
> server. But when I try to start OSSEC i get this :
>
>> ./bin/ossec-control start
>> Starting OSSEC HIDS v2.5.1 (by Trend Micro Inc.)...
>> 2011/01/12 15:49:03 ossec-analysisd(1226): ERROR: Error reading XML file 'etc/decoder.xml': XML ERR: Bad
>> formed XML. Element not opened (line 1923).
>> 2011/01/12 15:49:03 ossec-testrule(1202): ERROR: Configuration error at '/etc/decoder.xml'.
>> Exiting. ossec-analysisd: Configuration error. Exiting.
>
> I looked at etc/decoder.xml and there is nothing to declare about an
> element that is not opened.
> Hi,
>
> I just make a fresh install the version 2.5.1 of ossec on an AIX
> server. But when I try to start OSSEC i get this :
>
>> ./bin/ossec-control start
>> Starting OSSEC HIDS v2.5.1 (by Trend Micro Inc.)...
>> 2011/01/12 15:49:03 ossec-analysisd(1226): ERROR: Error reading XML file 'etc/decoder.xml': XML ERR: Bad
>> formed XML. Element not opened (line 1923).
>> 2011/01/12 15:49:03 ossec-testrule(1202): ERROR: Configuration error at '/etc/decoder.xml'.
>> Exiting. ossec-analysisd: Configuration error. Exiting.
>
> I looked at etc/decoder.xml and there is nothing to declare about an
> element that is not opened.
Try replacing the decoder.xml with the one from the previous version.
Make sure to check permissions. That should narrow it to a new build issue.
Reply all
Reply to author
Forward
0 new messages