James, I have a dynamic OSSEC profile builder tool for windows systems written in powershell. One of its abilities is to find each web application and properly monitor the right logfile. Let me know if you're interested in the IIS detection snippet. It'll be an open source tool I want to contribute to the community after I get done w/ some more testing. =)
Devon J. Greene -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of James Whittington Sent: Monday, August 26, 2013 9:46 PM To: [email protected] Subject: [ossec-list] Option to include a file of local directory definitions on a Windows client I am running a mixed environment of Linux and Windows Webservers and trying to determine how to add all my website logfiles. On the Linux Servers all the website logfiles reside in the same folder so I have a wildcard pattern to add all the website logfiles. On the Windows side however logfiles are stored by customer and website and thus do not exist in the same folder area. I was wondering if there was an option to reference an external file or directory for local file definitions? Then I could easily rebuild definitions in this external file as sites are added without having to modify the main config file. I am hoping I just missed this option as it sounds like something that could be in the agent.conf file and pushed out to multiple servers. James Whittington -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out. ________________________________ CONFIDENTIALITY NOTICE: This electronic communication (email), including any attachments, is covered by the Electronic Communications Privacy Act, 18 U.S.C. §§2510 – 2521; is confidential; and may be legally privileged. If you are not the intended recipient, you are hereby notified that any retention, dissemination, distribution or copying of this electronic communication is strictly prohibited. Please reply to the sender that you received this message in error and then delete or otherwise destroy any and all copies of this electronic communication. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
