Then it might require modifications to ossec sourcecode. Eero
2017-02-14 14:20 GMT+02:00 Tibor Luth <tibor...@gmail.com>: > None of them work. Neither *.log, *log nor any regex between the > <localfile> tags (on windows using ossec 2.8). ossec-agent(1103): ERROR: > Unable to open file... Only strftime works but in some of my cases it's not > enough :( > > Regards > > T. > > 2017. február 14., kedd 1:19:41 UTC+1 időpontban Eero Volotinen a > következőt írta: >> >> try *log instead of *.log >> >> Eero >> >> 13.2.2017 6.19 ip. "Tibor Luth" <tibo...@gmail.com> kirjoitti: >> >>> Thanks. >>> Reading this for second time I've realized what strftime means. So it >>> can work in most cases and I'll try. >>> But there are one unique application that appends random >>> characters/numbers at the end of the filename like: >>> log-20160829124854-kibe.1519.22082016.log. The "1519.22" part is >>> random. That's why I wanted to use *.log. :( >>> >>> 2017. február 13., hétfő 14:54:32 UTC+1 időpontban Eero Volotinen a >>> következőt írta: >>>> >>>> Check out this: >>>> >>>> Date Based Example >>>> >>>> For log files that change according to the date, you can also specify a >>>> strftime format to replace the day, month, year, etc. For example, to >>>> monitor the log C:\Windows\app\log-08-12-15.log, where 08 is the year, >>>> 12 is the month and 15 the day (and it is rolled over every day), do: >>>> >>>> <localfile> >>>> <location>C:\Windows\app\log-%y-%m-%d.log</location> >>>> <log_format>syslog</log_format></localfile> >>>> >>>> Eero >>>> >>>> 2017-02-13 15:50 GMT+02:00 Tibor Luth <tibo...@gmail.com>: >>>> >>>>> Unfortunatley I cannot solve the issue in the subject. >>>>> >>>>> I wrote a few rows in the agent.conf (according to ossec-docs), but >>>>> got an error. >>>>> >>>>> <agent_config name="agent1"> >>>>> <localfile> >>>>> <location>X:\mylogs\*.log</location> >>>>> <log_format>syslog</log_format> >>>>> </localfile></agent_config> >>>>> >>>>> The error is: >>>>> >>>>> *"ERROR*: *Glob error*. *Invalid pattern..."* >>>>> >>>>> >>>>> >>>>> If I skip the * wildcard and use a proper filename it has no errors. >>>>> How could I solve this? My log file names in that folder are like >>>>> logfile_20170202-145321.log. >>>>> >>>>> Regards >>>>> >>>>> T. >>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> --- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "ossec-list" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to ossec-list+...@googlegroups.com. >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>> >>>> -- >>> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "ossec-list" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to ossec-list+...@googlegroups.com. >>> For more options, visit https://groups.google.com/d/optout. >>> >> -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
