Error in Agent Log for IIS Eventchannel Configuration
50 views
Skip to first unread message
trail DMARC
Feb 1, 2023, 10:40:50 PM2/1/23
to Wazuh mailing list
Hi,
Please need your support to resolve the error happened in agent side while configuring iis logs through eventchannel.
("ERROR: Could not EvtSubscribe() for (Microsoft-Windows-IIS-Logging/Logs) which returned (15007)")
In IIS server both location activated for logging and logs are generated in both as well.
When we configure local file as below no error appear and logs are getting in wazuh archive
<localfile>
<location>%SystemDrive%\inetpub\logs\LogFiles\W3SVC2\*.log</location>
<log_format>iis</log_format>
</localfile>
<location>%SystemDrive%\inetpub\logs\LogFiles\W3SVC2\*.log</location>
<log_format>iis</log_format>
</localfile>
Please need a advice to resolve the above issue as we need to configure using eventchannel only.
Best Regrads,
Octavio Valle López
Feb 6, 2023, 12:08:47 AM2/6/23
to Wazuh mailing list
Hi Traild...@gmail.com, I hope you are well.
The correct name for the path of that provider is the following.
Microsoft-IIS-Logging/Logs
The correct name for the path of that provider is the following.
Microsoft-IIS-Logging/Logs
trail DMARC
Feb 6, 2023, 3:19:23 AM2/6/23
to Wazuh mailing list
Hi Octavio,
Thanks, it's works, can you please give me an explanation why we skip "windows" (Microsoft-Windows-IIS-Logging/Logs) in the location.
Best Regards,
Reply all
Reply to author
Forward
0 new messages