On Fri, Sep 30, 2011 at 11:17 AM, Nathaniel Bentzinger <[email protected]> wrote: > We are looking to monitoring additional event logs under the Applications > and Services Logs for Windows 2008 R2 servers. I’ve tried the following > settings: > > > > <localfile> > > <location>Applications and Services Logs\Mitoken</location> > > <log_format>eventlog</log_format> > > </localfile> > > > > <localfile> > > <location>Mitoken</location> (Actual file name) > > <log_format>eventlog</log_format> > > </localfile> > > > > <localfile> > > <location>Applications and Services Logs\Mi-token > (Authentication)</location> (visual path and name displayed in the event > viewer ) > > <log_format>eventlog</log_format> > > </localfile> > > > > then unsuccessfully login into my VPN solution. I see the events written to > the Mi-Token event logs but nothing gets passed to the OSSEC server, I’m > checking by ossec/logs/alerts & archive logs as well as the web gui. > >
Do you have the logall option enabled? > > Am I incorrectly setting this up or is it just not possible to do this? > > > > Nathaniel Bentzinger [email protected] > > Systems Administrator 302-429-9120 x220 > > The Archer Group http://www.archer-group.com > >
