Hello Team,
I am trying to collect DHCP logs from a Windows server. I have done the following settings at the agent conf file,
<localfile>
<location>%windir%/System32/Dhcp/DhcpSrvLog-%a.log</location>
<log_format>syslog</log_format>
</localfile>
But in the agent logs, I can see the following related messages:
2017/09/19 13:06:13 ossec-logcollector(1952): INFO: Monitoring variable log file: 'C:\Windows/System32/dhcp/DhcpSrvLog-Tue.log'.
2017/09/19 13:06:13 ossec-logcollector(1103): ERROR: Could not open file 'C:\Windows/System32/dhcp/DhcpSrvLog-Tue.log' due to [(9)-(Bad file descriptor)].
2017/09/19 13:06:13 ossec-logcollector(1950): INFO: Analyzing file: 'C:\Windows/System32/dhcp/DhcpSrvLog-Tue.log'.
I am not sure what "Bad file descriptor" can mean, any ideas as to what is OSSEC specifically complaining about?
I have tried changing the "/" to "\", but that doesn't help, as I get the same message.
Thanks!!