ASL Decoder File

Imaging · **Joined:** Sat Sep 25, 2010 2:46 pm **Posts:** 97

We ran into an issue with the test build that is very similar to:

viewtopic.php?f=3&t=4000

The issue appears to have started when we upgraded to the ossec 2.6 rpm.

After looking at the errors generated, we found that we were missing the asl decoder file at:

/var/asl/rules/ossec/etc

Since this is a test box we didn't have another copy of 01-asl-decoder.xml so we used the file from our 2.x ASL install from our other box.

After putting said file in the above folder and in /var/ossec/etc/decoder.d/ we were able to restore OSSEC functionality.

Questions:

Have you had any recent reports of similar issues?

Where can we get the default 01-asl-decoder.xml latest file from so that we aren't running with the 2.0 version (assuming there have been some changes since then)?

Thanks.

scott · **Posted:** Wed May 18, 2011 6:02 pm

I dont really know, so far Ive only seen that happen on cpanel.

Imaging · **Joined:** Sat Sep 25, 2010 2:46 pm **Posts:** 97

Thanks.

Any way you could post a copy of the default 01-asl-decoder.xml file from the test build?

scott · **Posted:** Thu May 19, 2011 3:46 pm

It wouldnt help, its coming from the main decoder.

Imaging · **Joined:** Sat Sep 25, 2010 2:46 pm **Posts:** 97

Scott:

Thanks.

Not sure I'm following. Are you saying that the issue originates from the main decoder file (if so, not quite following why adding the 01-asl file allowed OSSEC to function)?

scott · **Posted:** Fri May 20, 2011 5:27 pm

Yup thats it exactly

Imaging · **Joined:** Sat Sep 25, 2010 2:46 pm **Posts:** 97

Thank you.

ASL Decoder File

Who is online