Hey,

You have to provide the event log name (like Application, System, etc.) instead of the full path. Try that and it should work.

Thanks,

--
Daniel B. Cid

On Tue, Jan 31, 2012 at 7:12 PM, mikeyintn <[email protected]> wrote:
> Having absolutely no luck reading any Windows 2008 R2 event logs other
> than the Security, Application and System (standard ones). Ideally
> I'd like to be able to hit some of the applications and services
> terminal services logs.. I've tried every incantation for the
> following and get no errors and nothing coming back to OSSEC from the
> agent.
>
> <localfile>
>   <location>c:\Windows\System32\Winevt\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx</location>
>   <log_format>eventlog</log_format>
> </localfile>
>
> Anyone able to get this to work?
