I tried to use a docker-compose file to install ossec-docker, but I ran into a problem replacing the original ossec.conf with my own:

```yaml
version: '3.4'
services:
  ossec:
    container_name: ossec
    image: atomicorp/ossec-docker
    restart: always
    volumes:
      # Bind-mount a single custom config file into the data directory
      - ./ossec.conf:/var/ossec/data/etc/ossec.conf
    ports:
      - "1514:1514/udp"
      - "1515:1515/tcp"
```
It seems that the ossec-server.sh doesn't install anything in `/var/ossec/data/etc` when the custom conf already sits in `/var/ossec/data/etc`. Is there a way to use a custom ossec.conf?
Here's the log:

```
ossec | Installing rules <<=== missing Installing etc
ossec | Installing logs
ossec | Installing stats
ossec | Installing queue
ossec | Bulk load file: /var/ossec/default_agent
ossec | Opening: [/var/ossec/default_agent]
ossec | Agent information:
ossec | ID:001
ossec | Name:DEFAULT_LOCAL_AGENT
ossec | IP Address:127.0.0.1
ossec |
ossec | Agent added.
ossec | Starting OSSEC HIDS 2.9.2 (by Trend Micro Inc.)...
ossec | OSSEC analysisd: Testing rules failed. Configuration error. Exiting.
ossec | 2018/02/05 06:23:35 ossec-authd: INFO: Started (pid: 21).
ossec | 2018/02/05 06:23:35 getaddrinfo: Name or service not known
ossec | 2018/02/05 06:23:35 ossec-authd: Unable to bind to port 1515
ossec | 2018/02/05 06:23:52 ossec-analysisd(1226): ERROR: Error reading XML file 'etc/decoder.xml': XMLERR: File 'etc/decoder.xml' not found. (line 203).
ossec | 2018/02/05 06:23:52 ossec-testrule(1202): ERROR: Configuration error at '/etc/decoder.xml'. Exiting.
```
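
Added example, not part of the original issue and not code from the atomicorp/ossec-docker project: a sketch of the failure mode the log points to, assuming the entrypoint seeds each data directory only when that directory does not already exist. The function names, the `template`/`data` layout and the file contents are constructed for illustration; the per-file variant shows one way a seeding step can keep a pre-mounted `ossec.conf` while still supplying `decoder.xml`.

```shell
#!/bin/sh
# Constructed demo. Paths and function names are assumptions for illustration,
# not taken from the image's ossec-server.sh.

# Directory-level seeding: copy a default directory only if the target is absent.
seed_naive() {  # $1 = template root, $2 = data root
    for d in "$1"/*; do
        [ -d "$d" ] || continue
        name=$(basename "$d")
        if [ ! -e "$2/$name" ]; then
            echo "Installing $name"
            cp -R "$d" "$2/$name"
        fi
    done
}

# File-level seeding: add every missing default file, never overwrite existing ones.
seed_per_file() {  # $1 = template root, $2 = data root
    (cd "$1" && find . -type f) | while read -r f; do
        if [ ! -e "$2/$f" ]; then
            mkdir -p "$2/$(dirname "$f")"
            cp -p "$1/$f" "$2/$f"
        fi
    done
}

# Constructed fixture: default tree plus a data dir that already holds only a
# custom ossec.conf, the state a single-file bind mount leaves behind.
make_fixture() {  # $1 = scratch root
    mkdir -p "$1/template/etc" "$1/template/rules" "$1/data/etc"
    echo '<!-- default -->'  > "$1/template/etc/ossec.conf"
    echo '<!-- decoders -->' > "$1/template/etc/decoder.xml"
    echo '<!-- rules -->'    > "$1/template/rules/local_rules.xml"
    echo '<!-- custom -->'   > "$1/data/etc/ossec.conf"
}

root=$(mktemp -d)
make_fixture "$root"
seed_naive "$root/template" "$root/data"     # prints only "Installing rules"
ls "$root/data/etc"                           # ossec.conf only, decoder.xml missing
seed_per_file "$root/template" "$root/data"
ls "$root/data/etc"                           # decoder.xml and ossec.conf
rm -rf "$root"
```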