Hello Team, I am trying to collect DHCP logs from a Windows server. I have done the following settings at the agent conf file,
<localfile> <location>%windir%/System32/Dhcp/DhcpSrvLog-%a.log</location> <log_format>syslog</log_format> </localfile> But in the agent logs, I can see the following related messages: 2017/09/19 13:06:13 ossec-logcollector(1952): INFO: Monitoring variable log file: 'C:\Windows/System32/dhcp/DhcpSrvLog-Tue.log'. 2017/09/19 13:06:13 ossec-logcollector(1103): ERROR: Could not open file 'C:\Windows/System32/dhcp/DhcpSrvLog-Tue.log' due to [(9)-(Bad file descriptor)]. 2017/09/19 13:06:13 ossec-logcollector(1950): INFO: Analyzing file: 'C:\Windows/System32/dhcp/DhcpSrvLog-Tue.log'. I am not sure what "Bad file descriptor" can mean, any ideas as to what is OSSEC specifically complaining about? I have tried changing the "/" to "\", but that doesn't help, as I get the same message. Thanks!! -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.