Hi,
How do I test if ossec is actually reading the IIS logs I setup in
ossec.conf? I don't see any entries in the ossec.log stating anything
about iis logs and I'm wondering if there is a way I can test to make
sure ossec is actually reading the logs.
Also, can ossec take active response on the windows side?
Here is the iis logs section in my ossec.conf:
<localfile>
<location>E:\hslogfiles\www\W3SVC1\ex%y%m%d.log</location>
<log_format>iis</log_format>
</localfile>
<localfile>
<location>E:\hslogfiles\www\W3SVC3\ex%y%m%d.log</location>
<log_format>iis</log_format>
</localfile>
<localfile>
<location>E:\hslogfiles\www\W3SVC4\ex%y%m%d.log</location>
<log_format>iis</log_format>
</localfile>
thx,
SW
