Hi Sean, it seems that agent_config name <https://github.com/wazuh/wazuh/blob/master/src/config/config.c#L224> is checked by the function OS_Match2 <https://github.com/wazuh/wazuh/blob/master/src/os_regex/os_match.c#L22> which only matches strings with *^*, *$* or *|* special characters. So, you can not use regex in the name.
I recommend you to use profiles in your agents, define your production servers with the profile "production", the development server with "dev" and so on. Example: *production agent* <ossec_config> <client> <server-ip>10.0.0.220</server-ip> <config-profile>centos, centos7, production</config-profile> </client> *agent.conf* <agent_config profile="production"> I hope it helps. Regards. On Monday, December 5, 2016 at 11:33:01 PM UTC+1, Sean Roe wrote: > > Hi All, > > new to this list and I have a question: > > will the agent_config name field except regex expressions? > > I found a post by Daniel Cid with this reference: > <agent_config name=”agent1|agent2″> > <localfile> > <location>/var/log/my.log</location> > <logtype>syslog</logtype> > </localfile> > </agent_config> > > so I was hoping to build a stanza in agent.conf like this: > > <agent_config name="prod*002|dev*002|qa*002"> > <localfile> > blah, blah. > > to get the prodAB002, prodCD002, devDD002, qaQQ002 servers > > Is that doable? > > Sean > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.