The OSSEC agent runs under the Local System account by default. Try modifying the OSSEC Hids service to run under your own user account and try again. If that works, you know you have a permissions problem.
From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On Behalf Of Vinicius Bittencourt Sent: Tuesday, April 16, 2013 10:17 AM To: ossec-list@googlegroups.com Subject: [ossec-list] Log IIS on a remote server Hello, I have web servers (IIS) and directed your "Logging" for a Log Server, this through "Windows folder sharing" In the web server (IIS) I do mapping of network shared folder. I have full access permissions on the directory. IIS creates the files successfully. But OSSEC-agent can't read this my ossec.conf: <ossec_config> <localfile> <location>E:\logs\server1\W3SVC1\u_ex%y%m%d.log</location> <log>_format>iis</log_format> </localfile> </ossec_config> Log error: 2013/04/16 10:47:48 ossec-agent(1952): INFO: Monitoring variable log file: 'E:\server1\W3SVC1\u_ex130416.log'. 2013/04/16 10:47:48 ossec-agent(1103): ERROR: Unable to open file 'E:\server1\W3SVC1\u_ex130416.log'. 2013/04/16 10:47:48 ossec-agent(1950): INFO: Analyzing file: 'E:\server1\W3SVC1\u_ex130416.log'. 2013/04/16 10:47:48 ossec-agent: INFO: Started (pid: 2376). Anyone know how do I read the logs on a remote server? Thanks, VinÃcius -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
