Make sure that the file you are writing to is ASCII. I have had issues with OSSEC reading a file that PS writes to without specifically encoding it as ASCII... From my Autoruns Normalize script, this is what I am doing:

    #Appends the resulting message in ascii (OSSEC Windows Client does not support Unicode logs)
    Out-File -Append -Encoding ascii -FilePath ar-normalized.log

Side note - after you make this change in your PS script, delete the log file and let it re-create it.

If that still doesn't work, enable debug mode for your OSSEC Windows agent, restart the agent and try again. Then view the agent logs - the debug logs should give you some further ideas of what is going on.

-Josh

On Tuesday, September 27, 2016 at 9:24:37 PM UTC-4, Brian Kellogg wrote:
> I've configured the OSSEC agent 2.8.3 to read a file being written to by a
> Powershell script. It is a log file with each log entry on its own line.
> Can't get Powershell to read the file. Never see the logs come into the
> OSSEC server archive.log file. Using the syslog file type to access this
> local file.
>
> I've tried Powershell Out-File and Add-Content cmdlets with no success.
> Has anyone had success doing this or something similar? Out-File is
> supposed to allow reading of the file while it is being written to.
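
An added example, not part of the original thread or of Josh's script: a PowerShell check that reports how a log file is encoded before the OSSEC agent is pointed at it. The function name `Get-LogEncoding`, the sample entry and the temporary file names are hypothetical.

```powershell
# Added example: inspect the raw bytes of a log file to see how it is encoded.
function Get-LogEncoding {
    param([Parameter(Mandatory)][string]$Path)

    $bytes = [System.IO.File]::ReadAllBytes($Path)
    if ($bytes.Length -eq 0) { return 'empty' }

    # Byte-order marks written by PowerShell's Unicode-family encodings
    if ($bytes.Length -ge 2 -and $bytes[0] -eq 0xFF -and $bytes[1] -eq 0xFE) { return 'utf-16le (BOM)' }
    if ($bytes.Length -ge 2 -and $bytes[0] -eq 0xFE -and $bytes[1] -eq 0xFF) { return 'utf-16be (BOM)' }
    if ($bytes.Length -ge 3 -and $bytes[0] -eq 0xEF -and $bytes[1] -eq 0xBB -and $bytes[2] -eq 0xBF) { return 'utf-8 (BOM)' }

    # NUL bytes without a BOM usually mean UTF-16 text written without a marker
    if ($bytes -contains 0) { return 'contains NUL bytes (likely utf-16)' }

    # Any byte above 0x7F is outside the ASCII range
    if ($bytes | Where-Object { $_ -gt 0x7F } | Select-Object -First 1) { return 'non-ascii bytes present' }

    return 'ascii'
}

# Constructed sample entry and temporary paths, for demonstration only
$entry = 'autoruns: sample normalized entry'
$bad   = Join-Path $env:TEMP 'demo-unicode.log'
$good  = Join-Path $env:TEMP 'demo-ascii.log'
Remove-Item $bad, $good -ErrorAction SilentlyContinue

# 'unicode' is UTF-16LE, which is what Out-File uses by default in Windows PowerShell 5.1
$entry | Out-File -Append -Encoding unicode -FilePath $bad
$entry | Out-File -Append -Encoding ascii   -FilePath $good

Get-LogEncoding $bad
Get-LogEncoding $good

# Appending ASCII to the old UTF-16 file leaves its BOM and earlier entries in place,
# which is why the log should be deleted and re-created after changing the script.
$entry | Out-File -Append -Encoding ascii -FilePath $bad
Get-LogEncoding $bad

Remove-Item $bad, $good -ErrorAction SilentlyContinue
```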
