offline vulnerability detection


Mushahid Bhat

Sep 2, 2024, 5:21:48 AM
to Wazuh | Mailing List
I am using version 4.8. As per the documentation, I am setting the configuration as:
 <vulnerability-detector>
   <enabled>yes</enabled>
   <index-status>yes</index-status>
   <feed-update-interval>60m</feed-update-interval>
   <offline-url>file:///var/ossec/etc/851035_1724671418.zip</offline-url>

But it's not working. Kindly provide steps to resolve.

I am getting this error:
2024/09/02 14:21:16 wazuh-integratord: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...
2024/09/02 14:21:17 wazuh-csyslogd: ERROR: (1226): Error reading XML file 'etc/ossec.conf':  (line 0).
2024/09/02 14:27:21 wazuh-csyslogd: ERROR: (1226): Error reading XML file 'etc/ossec.conf':  (line 0).
2024/09/02 14:29:52 wazuh-csyslogd: ERROR: (1226): Error reading XML file 'etc/ossec.conf':  (line 0).


Stuti Gupta

Sep 2, 2024, 6:35:07 AM
to Wazuh | Mailing List
Hi Mushahid Bhat

In vulnerability 4.8, it is vulnerability-detection, not vulnerability-detector. Also, make sure you configured offline-update according to https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/offline-update.html

Hope this helps

Mushahid Bhat

Sep 4, 2024, 1:57:15 AM
to Wazuh | Mailing List
It's my ossec.conf file:

<vulnerability-detection>

   <enabled>yes</enabled>
   <index-status>yes</index-status>
   <feed-update-interval>60m</feed-update-interval>
   <offline-url>file:///var/ossec/etc/851035_1724671418.zip</offline-url>
  </vulnerability-detection>


It's my error message below:


● wazuh-manager.service - Wazuh manager
   Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2024-09-04 11:24:43 IST; 1min 18s ago
  Process: 61205 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
  Process: 61569 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=1/FAILURE)

Sep 04 11:24:42 pcp systemd[1]: Starting Wazuh manager...
Sep 04 11:24:43 pcp env[61592]: 2024/09/04 11:24:43 wazuh-csyslogd: ERROR: (1226): Error reading XML file 'etc/ossec.conf':  (line 0).
Sep 04 11:24:43 pcp env[61569]: wazuh-csyslogd: Configuration error. Exiting
Sep 04 11:24:43 pcp systemd[1]: wazuh-manager.service: Control process exited, code=exited status=1
Sep 04 11:24:43 pcp systemd[1]: wazuh-manager.service: Failed with result 'exit-code'.
Sep 04 11:24:43 pcp systemd[1]: Failed to start Wazuh manager.

Stuti Gupta

Sep 9, 2024, 6:27:43 AM
to Wazuh | Mailing List
Hi Mushahid

Please share the ossec.conf and the changes that you made.
Also please share the wazuh-manager ossec.log located at /var/ossec/logs/ossec.log

Hope to hear from you soon 
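
An added example, not part of the thread and not Wazuh code: a pre-flight check to run on ossec.conf before restarting the manager. It flags the pre-4.8 section name mentioned above and reports where the XML stops being well formed. Assumptions: the samples are constructed from the two snippets posted in the thread, the accepted offline-url schemes are taken to be file://, http:// and https://, and Python's XML parser may be stricter than the manager's own reader.

```python
import xml.etree.ElementTree as ET

# Section name used before 4.8 and its 4.8 replacement, as stated in the thread.
LEGACY, CURRENT = "vulnerability-detector", "vulnerability-detection"

# Constructed samples modelled on the two snippets posted in the thread.
FIRST_POST = """<ossec_config>
  <vulnerability-detector>
    <enabled>yes</enabled>
    <index-status>yes</index-status>
    <feed-update-interval>60m</feed-update-interval>
    <offline-url>file:///var/ossec/etc/851035_1724671418.zip</offline-url>
</ossec_config>
"""
SECOND_POST = FIRST_POST.replace(
    "<vulnerability-detector>", "<vulnerability-detection>"
).replace("</ossec_config>", "  </vulnerability-detection>\n</ossec_config>")


def check_ossec_conf(text):
    """Return a list of findings; an empty list means no problem was found."""
    findings = []
    if f"<{LEGACY}>" in text:
        findings.append(f"legacy section <{LEGACY}>; 4.8 expects <{CURRENT}>")
    try:
        # ossec.conf may hold several <ossec_config> blocks, so wrap them in a
        # synthetic root on the same line to keep reported line numbers intact.
        root = ET.fromstring(f"<root>{text}</root>")
    except ET.ParseError as err:
        line, col = err.position
        findings.append(f"XML not well formed at line {line}, column {col}: {err}")
        return findings
    for section in root.iter(CURRENT):
        url = (section.findtext("offline-url") or "").strip()
        # Accepted schemes are an assumption of this example.
        if url and not url.startswith(("file://", "http://", "https://")):
            findings.append(f"offline-url has an unexpected scheme: {url}")
    return findings


if __name__ == "__main__":
    for name, conf in (("first post", FIRST_POST), ("second post", SECOND_POST)):
        print(name, check_ossec_conf(conf) or "no findings")
```

To check a real file, pass its contents: `check_ossec_conf(open("/var/ossec/etc/ossec.conf").read())`.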