Application log configuration

[Satwika sree]

Hi Team,

We are trying to integrate application logs into Wazuh and added the log file path in the agent ossec configuration file using <localfile> like:

<localfile>

<location>C:\Logs\Applogs-eficaa-*</location>

<log_format> syslog</log_format>

</localfile>

But Wazuh dashboard doesn't get any logs regarding the application logs and after adding this configuration, we have get the error logs in the agent log file like:

2023/03/29 16:52:03 wazuh-agent: ERROR: Error in LookupAccountSid.

2023/03/29 16:52:05 wazuh-agent: ERROR: Error in LookupAccountSid.

what are the causes for this error?

could you help me to resolve this issue?

Regards,

Satwika.

[Federico Ramos]

Hi Satwika

Thank you for reaching out to us. The error in the agent log file is related to a Windows API call that is failing. This error is not related to the log file path configuration you added to the agent ossec configuration file.

To troubleshoot this issue, we recommend you check the Windows Event Viewer for any related errors or warnings. Additionally, you can try running the agent as an administrator to see if that resolves the issue.

Also, please make sure that the .log files are in the path indicated in the configuration.

Please let us know if you have any further questions or concerns.

Best regards,
The Wazuh Framework Team.