Hi Fred, Thanks for pointing this error out and the suggestions. This issue only happens when you have the format strings on the localfile entry (on all the other cases, if one file fails, ossec just ignores it and keep going). I have a fix ready for it already and I will release a "patch" version soon.
Thanks, -- Daniel B. Cid dcid @ ( at ) ossec.net On 6/26/06, Frederic CRESTIN <[EMAIL PROTECTED]> wrote: > > > Hello everyone, > > I have a little problem. An Apache log file cannot be parsed. It seems that > Ossec Agent doesn't replace %Y-%m... by their values ? > > I could notice too that next "localfile" rules are not parsed at all. As > soon as there is one error, Ossec Agent seems to stop parsing following of > conf file. I think it could be interesting that when you start Ossec: > > - all conf file is parsed > - errors are printed on screen (with -v option for example) > > Thanks for your help. > > Fred > > > ----------------------------------------------------------- > > In "ossec.log": > > 2006/06/26 13:10:18 ossec-logcollector(1950): Analyzing file: > '/var/log/httpd/access_XXX.NAME.2006-06-26'. > 2006/06/26 13:10:18 ossec-logcollector(1906): Error parsing file: > '/var/log/httpd/access_YYY.NAME.%Y-%m-%d'. > > ----------------------------------------------------------- > > In "ossec.conf": > > <localfile> > <log_format>apache</log_format> > > <location>/var/log/httpd/access_XXX.NAME.%Y-%m-%d</location> > </localfile> > > <localfile> > <log_format>apache</log_format> > > <location>/var/log/httpd/access_YYY.NAME.%Y-%m-%d</location> > </localfile> > > ----------------------------------------------------------- > > > > --~--~---------~--~----~------------~-------~--~----~ -~----------~----~----~----~------~----~------~--~---
