Based on:
http://www.ossec.net/doc/manual/monitoring/file-log-monitoring.html
Multiple Files Example
<location>/var/log/*.log</location>
Date Based Example
<location>C:\Windows\app\log-%y-%m-%d.log</location>
And leveraging central agent.conf with the following entry:
<localfile>
<location>/usr/tomcat/server/logs/das/*.%Y-%m-%d.log</location>
<log_format>syslog</log_format>
</localfile>
I receive the following error:
2013/07/23 14:21:30 ossec-logcollector(1904): INFO: File not available,
ignoring it: '/usr/tomcat/server/logs/das/*.%Y-%m-%d.log'.
Where:
/usr/tomcat/server/logs/das/
Contains one or more of the of the following files:
[[email protected]][blabla].2013-07-23.log
meter.2013-07-23.log
[system][none].2013-07-23.log
[[email protected]][sfdsn].2013-07-23.log
[[email protected]][randomproductID].2013-07-23.log
clouddb.2013-07-23.log
*Question 1*: Why is it not picking up any or all of the logs in this folder
*Question 2*: why is it not at least getting meter.2013-07-23.log &
clouddb.2013-07-23.log
*Question 3*: how do I have Date and Multiple in a single line entry in the
agent.conf?
Thank you,
Jared
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
