On Mon, Jul 29, 2013 at 10:51 PM, Jared <[email protected]> wrote: > Hello, > > Our Web team is logging to files with names where some or all of the > following occur normally: > > [Bob][Marley].2013-07-29.log > > [Paul][Simon].2013-07-29.log > > [Jean-Paul][Sartre].2013-07-29.log > > [Socrates][sonofSophroniscus].2013-07-29.log > > > 1. log names are dynamic, based on user interaction on a given day. i.e Paul > or Bob may or may not log in every day. > > 2. the log names contents could be any value based on a new user accessing > the system > > 3. the log names contain one or more sets "[ ]" of brackets > > 4. agent.conf with /var/logs/something/*.log does not pick up the files with > the [brackets] in the file name, but is seeing metering.log and > database.yyyy-mm-dd.log just fine with /*.log. > > > Is there a way to configure OSSEC to see the logs with brackets [ ] other > than to have the development team change all of the logging format for all > of the applications? > > Thank you, > > Jared >
If the wildcard doesn't work, I can't think of a way to do it. I'm guessing you'll have to dig into the code to find out why those logs aren't being picked up. And maybe convince the developers to not make so many horrendous logging decisions. Brackets in the file name? Wow. > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
