Hello!

Today I tried OSSEC HIDS in interaction with IIS and Windows Server
2008.
When trying to check the log httperr.log, it appears to not work.

Here is the snippet from my agent (ossec.conf):

<localfile>
    <location>%WinDir%/System32/LogFiles/HTTPERR/*.log</location>
    <log_format>iis</log_format>
</localfile>

<localfile>
    <location>%WinDir%\System32\LogFiles\HTTPERR\*.log</location>
    <log_format>iis</log_format>
</localfile>

I also tried something like httperr*.log (because it's incrementing
and will be dropped after 1 MB file size) or httperr[0-9]*.log.
But nothing seems to work -.-

Here is the log snippet, after restarting the agent:
2011/08/04 14:13:45 ossec-agent(1103): ERROR: Unable to open file 'C:\Windows/System32/LogFiles/HTTPERR/*.log'.
2011/08/04 14:13:45 ossec-agent(1950): INFO: Analyzing file: 'C:\Windows/System32/LogFiles/HTTPERR/*.log'.

2011/08/04 14:13:45 ossec-agent(1103): ERROR: Unable to open file 'C:\Windows\System32\LogFiles\HTTPERR\*.log'.
2011/08/04 14:13:45 ossec-agent(1950): INFO: Analyzing file: 'C:\Windows\System32\LogFiles\HTTPERR\*.log'.


Thanks for any valuable input :)
