I configured the OSSEC by following the procedure from https://blog.rapid7.com/2017/06/30/how-to-install-and-configure-ossec-on-ubuntu-linux/ this site. but after configuration, when I tried /var/ossec/bin/ossec-control restart I got
ossec-monitord not running .. ossec-logcollector not running .. ossec-remoted not running .. ossec-syscheckd not running .. ossec-analysisd not running .. ossec-maild not running .. ossec-execd not running .. OSSEC HIDS v2.9.0 Stopped Starting OSSEC HIDS v2.9.0 (by Trend Micro Inc.)... OSSEC analysisd: Testing rules failed. Configuration error. Exiting.
In logtest, I got
Error reading XML file '/var/ossec/etc/ossec.conf': XMLERR: Element 'syscheck' not closed. (line 252). 2018/05/22 15:20:59 ossec-testrule(1202): ERROR: Configuration error at '/var/ossec/etc/ossec.conf'. Exiting.
where can I solve the problem?
You have to close the tag in your config file, Edit ossec.conf :
Type <\syscheck> where you opend it.