Hi Patrik and Dan,

I wonder if this issue may be related to the file path. *C:\ProgramData\GlobalSCAPE\EFT Server Enterprise/Logs* sounds like a directory. Could you confirm that?
The *localfile* configuration for logs supports paths or patterns to files only. If you want to follow all the files inside this directory, you should use a pattern like "C:\ProgramData\GlobalSCAPE\EFT Server Enterprise/Logs/*"

Hope it helps.

Best regards,

<https://wazuh.com/>
*Victor M Fernandez-Castro*
IT Engineer — *Wazuh, Inc.*

On Mon, Apr 23, 2018 at 3:32 PM, dan (ddp) <[email protected]> wrote:

> On Fri, Apr 20, 2018 at 10:25 AM, Patrik Lindh <[email protected]> wrote:
> > Hello!
> > I've installed OSSEC Windows agent on a server 2008r2 and want to monitor
> > logs residing in: C:\ProgramData\GlobalSCAPE\EFT Server Enterprise/Logs
> >
> > But when I start the agent I get the following error:
> > 2018/04/20 14:54:42 ossec-logcollector(1103): ERROR: Could not open file
> > 'C:\ProgramData\GlobalSCAPE\EFT Server Enterprise/Logs' due to [(9)-(Bad
> > file descriptor)].
> >
>
> Possibly unrelated, but your slashes are odd. You use backslashes
> until you get to Logs, then you use a forward slash.
>
> > Any idea why?
> >
> > The folder contains about 150 logs (5 new a day and kept in 30 days)
> >
> > What I want to accomplish is to monitor the logs so that nobody changes them
> > and if someone does I want OSSEC to report it.
> >
> > //P

--
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
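A pre-flight check for the situation discussed in this thread, as an added example that is not part of the original messages and is not OSSEC or Wazuh code: it reads the `<localfile>` locations from ossec.conf-style text and flags any that point at a directory instead of a file or file pattern. The function names are hypothetical, and the `syslog` log format and the temporary `Logs` folder are constructed sample input.

```python
import glob
import os
import tempfile
import xml.etree.ElementTree as ET


def localfile_locations(conf_text):
    """Return the <location> of every <localfile> block in ossec.conf text."""
    # ossec.conf may hold several <ossec_config> blocks, so wrap it in one root.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    return [(lf.findtext("location") or "").strip() for lf in root.iter("localfile")]


def audit(conf_text):
    """Classify each location as file, pattern, directory or missing."""
    findings = []
    for loc in localfile_locations(conf_text):
        if "*" in loc or "?" in loc:
            kind, hint = "pattern", "%d file(s) match now" % len(glob.glob(loc))
        elif os.path.isdir(loc):
            # The case from the thread: a directory cannot be read as a log file.
            kind, hint = "directory", "use a file pattern such as " + os.path.join(loc, "*")
        elif os.path.isfile(loc):
            kind, hint = "file", ""
        else:
            kind, hint = "missing", "path does not exist on this host"
        findings.append((loc, kind, hint))
    return findings


def demo():
    """Run the audit on a constructed config pointing at a temporary Logs folder."""
    with tempfile.TemporaryDirectory() as base:
        logs = os.path.join(base, "Logs")
        os.mkdir(logs)
        for name in ("a.log", "b.log"):
            open(os.path.join(logs, name), "w").close()
        conf = """
        <ossec_config>
          <localfile><log_format>syslog</log_format><location>{d}</location></localfile>
        </ossec_config>
        <ossec_config>
          <localfile><log_format>syslog</log_format><location>{p}</location></localfile>
        </ossec_config>
        """.format(d=logs, p=os.path.join(logs, "*"))
        return [(kind, hint) for _, kind, hint in audit(conf)]


if __name__ == "__main__":
    for kind, hint in demo():
        print(kind, hint)
```

Run it on the agent host against the real configuration text so that the directory and file checks see the same filesystem the log collector does.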
