One more go at this... *Here is my agent.conf setting:*
<agent_config profile="DAS"> <localfile> <location>"/usr/changed/logs/das/\[*\]\[*\].*.log"</location> <log_format>syslog</log_format> </localfile> </agent_config *Here is the output of validation:* changed:~# /var/ossec/bin/verify-agent-conf verify-agent-conf: Verifying [/var/ossec/etc/shared/agent.conf]. 2013/08/06 13:19:22 ossec-config(1121): ERROR: Glob error. Invalid pattern: '"/usr/changed/logs/das/\[*\]\[*\].*.log"'. Segmentation fault changed:~# Here is the log file being consumed by OSSEC on the server: 2013/08/06 13:40:17 ossec-logcollector(1950): INFO: Analyzing file: '/usr/changed/logs/das/[changed][changed].2013-08-06.log'. 2013/08/06 13:40:17 ossec-logcollector(1950): INFO: Analyzing file: '/usr/changed/logs/das/[changed][changed].2013-08-06.log'. 2013/08/06 13:40:17 ossec-logcollector(1950): INFO: Analyzing file: '/usr/changed/logs/das/[changed][changed].2013-08-06.log'. 2013/08/06 13:40:17 ossec-logcollector(1950): INFO: Analyzing file: '/usr/changed/logs/das/[changed][changed].2013-08-06.log'. 2013/08/06 13:40:17 ossec-logcollector(1950): INFO: Analyzing file: '/usr/changed/logs/das/[changed][changed].2013-08-06.log'. Is there any way to get rid of the "ERROR: Glob error. Invalid pattern:"? Segmentation faults are giving me grief with the watchdog restarting of OSSEC. Frequently, I find that all of the agents are disconnected and that analysisd is not running anymore. Jared On Tuesday, July 30, 2013 12:35:42 PM UTC-4, Jared wrote: > > Indeed. Bit hard to take this seriously when this is the starting point... > but it is the task of the day. > > Thanks for the feedback. > > Jared > > > On Tue, Jul 30, 2013 at 11:57 AM, Michael Starks < > [email protected]> wrote: > >> On 30.07.2013 09:38, dan (ddp) wrote: >> >> And maybe convince the developers to not make so many horrendous >>> logging decisions. Brackets in the file name? Wow. >>> >> >> This. Brackets in a filename is just asking for unnecessary trouble. >> >> >> -- >> >> --- You received this message because you are subscribed to the Google >> Groups "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to >> ossec-list+unsubscribe@**googlegroups.com<ossec-list%[email protected]> >> . >> For more options, visit >> https://groups.google.com/**groups/opt_out<https://groups.google.com/groups/opt_out> >> . >> >> >> > > > -- > Thank you, > > Jared R. Greene > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
