Hello!
I'm trying to add extended event logging to Windows agents on a Windows Server
2003 domain controller.
There is an event log C:\WINDOWS\system32\config\NTDS.evt
but when I try to add a string like this:
<localfile>
<location>C:\WINDOWS\system32\config\NTDS.evt</location>
<log_format>eventlog</log_format>
</localfile>
it exits with an error:
2007/06/26 10:47:26 ossec-agent: DEBUG: Reading logcollector configuration.
2007/06/26 10:47:26 ossec-agent(1903): Invalid event log: 'C:\WINDOWS\System32\config\NTDS.Evt'.
2007/06/26 10:47:26 ossec-agent(1202): Configuration error at 'ossec.conf'. Exiting.
Tried to change location to NTDS. Unsuccessful.
Has anyone solved this problem?
P.S.
<localfile>
<location>Application</location>
<log_format>eventlog</log_format>
</localfile>
works, but when I try to change location like this
<location>C:\WINDOWS\System32\config\AppEvent.Evt</location> it crashes with
an error.
Thanks.
Dmitrii Chebotarev, Russia.
