On Tue, Jul 23, 2013 at 10:45 AM, Jared <[email protected]> wrote: > Based on: > > http://www.ossec.net/doc/manual/monitoring/file-log-monitoring.html > > > Multiple Files Example > > <location>/var/log/*.log</location> > > > Date Based Example > > <location>C:\Windows\app\log-%y-%m-%d.log</location> > > > And leveraging central agent.conf with the following entry: > > <localfile> > <location>/usr/tomcat/server/logs/das/*.%Y-%m-%d.log</location> > <log_format>syslog</log_format> > </localfile> > > I receive the following error: > > 2013/07/23 14:21:30 ossec-logcollector(1904): INFO: File not available, > ignoring it: '/usr/tomcat/server/logs/das/*.%Y-%m-%d.log'. >
"strftime and wildcards cannot be used on the same entry." http://www.ossec.net/doc/syntax/head_ossec_config.localfile.html#element-location > Where: > > /usr/tomcat/server/logs/das/ > > Contains one or more of the of the following files: > > [[email protected]][blabla].2013-07-23.log > meter.2013-07-23.log > [system][none].2013-07-23.log > [[email protected]][sfdsn].2013-07-23.log > [[email protected]][randomproductID].2013-07-23.log > clouddb.2013-07-23.log > > Question 1: Why is it not picking up any or all of the logs in this folder > > Question 2: why is it not at least getting meter.2013-07-23.log & > clouddb.2013-07-23.log > > Question 3: how do I have Date and Multiple in a single line entry in the > agent.conf? > > Thank you, > > Jared > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
