Having absolutely no luck reading any Windows 2008 R2 event logs other than the Security, Application and System (standard ones). Ideally I'd like to be able to hit some of the applications and services terminal services logs. I've tried every incantation for the following and get no errors and nothing coming back to OSSEC from the agent.

<localfile>
  <location>c:\Windows\System32\Winevt\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx</location>
  <log_format>eventlog</log_format>
</localfile>

Anyone able to get this to work?
