Can't monitor multiple IIS log files using regex wildcard * in Windows web server


מיכאל אליזרוב

Jul 11, 2018, 7:58:59 AM
to Wazuh mailing list
Hey

This is my agent.conf:
<localfile>
<location>D:\LogFiles\W3SVC1\*.log</location>
<log_format>iis</log_format>
</localfile>

And this is my error log:
2018/07/11 09:14:51 ossec-agent: ERROR: (1103): Could not open file 'C:\inetpub\logs\LogFiles\W3SVC1\*.log' due to [(123)-(The filename, directory name, or volume label syntax is incorrect.)].


And this is my dir output:
D:\LogFiles\W3SVC1>dir
 Volume in drive D is DATA
 Volume Serial Number is 0000-0000

 Directory of D:\LogFiles\W3SVC1

06/19/2018  11:05 AM    <DIR>          .
06/19/2018  11:05 AM    <DIR>          ..
07/11/2018  08:11 AM             00000 u_ex180711.log
07/10/2018  09:31 AM             00000 u_ex180710.log
07/09/2018  07:22 AM             00000 u_ex180709.log


Help will be appreciated.

Thanks

מיכאל אליזרוב

Jul 12, 2018, 3:57:29 AM
to Wazuh mailing list
It's really important to me; help would be appreciated.

On Wednesday, July 11, 2018 at 14:58:59 UTC+3, מיכאל אליזרוב wrote:

Borja Arroba

Jul 12, 2018, 12:25:59 PM
to Wazuh mailing list
Hi,

The wildcard '*' only works on Linux systems; it's explained in:


To solve your problem you need to use the following configuration:

 
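<localfile>
<!-- %y is the two-digit year, matching IIS file names such as u_ex180711.log (%Y would expand to 2018) -->
<location>D:\LogFiles\W3SVC1\u_ex%y%m%d.log</location>
<log_format>iis</log_format>
</localfile>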


And this only checks for logs generated on the same day as your timestamp.
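
Added example (not part of the thread and not Wazuh code): a pre-deployment check that expands candidate `<location>` values for a given day and compares the result with the file names from the `dir` output above, so a pattern that resolves to a non-existent file, and the files a date pattern never reads, show up before log coverage is lost. It assumes the agent expands date tokens with C `strftime` semantics and, as the reply states, does not expand `*` on Windows; `check_location`, `audit` and the candidate list are hypothetical names and constructed values.

```python
import re
from datetime import date
from pathlib import PureWindowsPath

# File names copied from the dir output in the thread.
PRESENT = {"u_ex180711.log", "u_ex180710.log", "u_ex180709.log"}

# Constructed candidate <location> values to compare.
CANDIDATES = [
    r"D:\LogFiles\W3SVC1\*.log",
    r"D:\LogFiles\W3SVC1\u_ex%Y%m%d.log",   # four-digit year
    r"D:\LogFiles\W3SVC1\u_ex%y%m%d.log",   # two-digit year
]


def check_location(location, present, today):
    """Classify one <location> value for a Windows agent.

    Assumptions: date tokens follow C strftime semantics, and '*' / '?'
    are not expanded on Windows (as stated in the reply in the thread).
    """
    if re.search(r"[*?]", location):
        # Nothing is opened, so every file in the directory goes unread.
        return {"status": "wildcard-not-expanded", "file": None,
                "unwatched": sorted(present)}
    resolved = PureWindowsPath(today.strftime(location)).name
    status = "ok" if resolved in present else "resolved-file-missing"
    # A date pattern follows one file per day; the rest are never read.
    return {"status": status, "file": resolved,
            "unwatched": sorted(present - {resolved})}


def audit(candidates, present, today):
    """Map each candidate location to its finding for the given day."""
    return {loc: check_location(loc, present, today) for loc in candidates}


if __name__ == "__main__":
    for loc, result in audit(CANDIDATES, PRESENT, date(2018, 7, 11)).items():
        print(loc)
        print("  ", result)
```
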