Anyway I will investigate this weird situation. David here are the summary of event;
First agents dropped notice to log file: 2006/10/04 00:08:23 ossec-agent(1904): File not available, ignoring it: 'C:\WINNT/System32/LogFiles/W3SVC1/ex061004.log'. Second ex061004.log created by IIS after some times but agents did not start analyzing file (ignored file permanently?) Third, after some hours, all five IIS stopped logging, I checked the latest IIS log files, they were filled with lots of blank lines. Now I have stopped 3 of 5 agents. I will be sure that it will happen again in 5 machines or only on two machines with agents. ---- [EMAIL PROTECTED] demiş ki: > > Yes of course. > > Weird when I examined all ISS logs on all machines there are so many blank > lines on the latest log file and IIS stopped logging after sometimes. That > happened on all servers with ossec agent. Could be a ossec-agent side effect > on IIS or IIS log files ? > > ---- Dennis Borkhus-Veto <[EMAIL PROTECTED]> demiş ki: > > Do you have your local ossec conf set to monitor IIS logs? > > Dennis > > > > -----Original Message----- > > From: [email protected] <[email protected]> > > To: [email protected] <[email protected]> > > Sent: Wed Oct 04 06:30:55 2006 > > Subject: [ossec-list] Re: IIS Log Analyzing > > > > > > I've checked all other agents with IIS and notice the same problem. All > > agents are active but stopped analyzing IIS log files after "file not > > available ignoring" error. > > > > ---- [EMAIL PROTECTED] demiş ki: > > > > > > Okay, here is the another problem. > > > > > > 2006/10/04 00:08:23 ossec-agent(1904): File not available, ignoring it: > > > 'C:\WINNT/System32/LogFiles/W3SVC1/ex061004.log'. > > > > > > Agent ignored that file because it was not available but after some > > > times, file was created but the agent did not re-check that the file > > > exists or not so agent seems sleeping and stopped analyzing the file. > > > Since 00:08:23 ossec server has not got any IIS alerts. I'am requesting > > > an urgent fix :) > > > > >
