Monitor Multiple Log Files

Bongani Buthelezi

Sep 8, 2023, 7:00:51 AM
to Wazuh | Mailing List
Hi Team,

I am struggling to collect or monitor multiple files from a specified path in Linux. It does, however, collect the logs when I specify the full path with one file (/home/bongani.buthelezi/test2/test.log), but doesn't seem to be doing anything when I use wildcards (*) in the same folder, like the example below.
The folder size is ~200K, so I am not sure if that is the cause of any issues, or where to view error logs, because the agent /var/ossec/logs/ossec.log doesn't show any errors or whether the files are being collected.

I have also enabled the log all option from the manager side to check if the files are being monitored.

Example:

<localfile>
  <log_format>multi-line-regex</log_format>
  <location>/home/bongani.buthelezi/test2/*</location>
  <multiline_regex replace="wspace" match="start">^\[GEF DEBUG\]|\[GEF CRITICAL\]|\[GEF INFO\]|\[GEF ERROR\]|\[GEF WARNING\]|\[GEF DATA\]</multiline_regex>
</localfile>


Thanks,


Ayomide David Shoyemi

Sep 9, 2023, 3:33:13 PM
to Wazuh | Mailing List
Hi Buthelezi, 

Thank you for using Wazuh. Please, what version of Wazuh are you working with?

Kind Regards