Re: [ossec-list] Mass monitoring log files in a folder on windows
Then it might require modifications to ossec sourcecode. Eero 2017-02-14 14:20 GMT+02:00 Tibor Luth : > None of them work. Neither *.log, *log nor any regex between the > tags (on windows using ossec 2.8). ossec-agent(1103): ERROR: > Unable to open file... Only strftime works but in some of my cases it's not > enough :( > > Regards > > T. > > 2017. február 14., kedd 1:19:41 UTC+1 időpontban Eero Volotinen a > következőt írta: >> >> try *log instead of *.log >> >> Eero >> >> 13.2.2017 6.19 ip. "Tibor Luth" kirjoitti: >> >>> Thanks. >>> Reading this for second time I've realized what strftime means. So it >>> can work in most cases and I'll try. >>> But there are one unique application that appends random >>> characters/numbers at the end of the filename like: >>> log-20160829124854-kibe.1519.22082016.log. The "1519.22" part is >>> random. That's why I wanted to use *.log. :( >>> >>> 2017. február 13., hétfő 14:54:32 UTC+1 időpontban Eero Volotinen a >>> következőt írta: Check out this: Date Based Example For log files that change according to the date, you can also specify a strftime format to replace the day, month, year, etc. For example, to monitor the log C:\Windows\app\log-08-12-15.log, where 08 is the year, 12 is the month and 15 the day (and it is rolled over every day), do: C:\Windows\app\log-%y-%m-%d.log syslog Eero 2017-02-13 15:50 GMT+02:00 Tibor Luth : > Unfortunatley I cannot solve the issue in the subject. > > I wrote a few rows in the agent.conf (according to ossec-docs), but > got an error. > > > > X:\mylogs\*.log > syslog > > > The error is: > > *"ERROR*: *Glob error*. *Invalid pattern..."* > > > > If I skip the * wildcard and use a proper filename it has no errors. > How could I solve this? My log file names in that folder are like > logfile_20170202-145321.log. > > Regards > > T. > > > > > -- > > --- > You received this message because you are subscribed to the Google > Groups "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to ossec-list+...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- >>> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "ossec-list" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to ossec-list+...@googlegroups.com. >>> For more options, visit https://groups.google.com/d/optout. >>> >> -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ossec-list] Mass monitoring log files in a folder on windows
None of them work. Neither *.log, *log nor any regex between the tags (on windows using ossec 2.8). ossec-agent(1103): ERROR: Unable to open file... Only strftime works but in some of my cases it's not enough :( Regards T. 2017. február 14., kedd 1:19:41 UTC+1 időpontban Eero Volotinen a következőt írta: > > try *log instead of *.log > > Eero > > 13.2.2017 6.19 ip. "Tibor Luth" > > kirjoitti: > >> Thanks. >> Reading this for second time I've realized what strftime means. So it can >> work in most cases and I'll try. >> But there are one unique application that appends random >> characters/numbers at the end of the filename like: >> log-20160829124854-kibe.1519.22082016.log. The "1519.22" part is random. >> That's why I wanted to use *.log. :( >> >> 2017. február 13., hétfő 14:54:32 UTC+1 időpontban Eero Volotinen a >> következőt írta: >>> >>> Check out this: >>> >>> Date Based Example >>> >>> For log files that change according to the date, you can also specify a >>> strftime format to replace the day, month, year, etc. For example, to >>> monitor the log C:\Windows\app\log-08-12-15.log, where 08 is the year, 12 >>> is the month and 15 the day (and it is rolled over every day), do: >>> >>> >>> C:\Windows\app\log-%y-%m-%d.log >>> syslog >>> >>> Eero >>> >>> 2017-02-13 15:50 GMT+02:00 Tibor Luth : >>> Unfortunatley I cannot solve the issue in the subject. I wrote a few rows in the agent.conf (according to ossec-docs), but got an error. X:\mylogs\*.log syslog The error is: *"ERROR*: *Glob error*. *Invalid pattern..."* If I skip the * wildcard and use a proper filename it has no errors. How could I solve this? My log file names in that folder are like logfile_20170202-145321.log. Regards T. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. >>> >>> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to ossec-list+...@googlegroups.com . >> For more options, visit https://groups.google.com/d/optout. >> > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ossec-list] Mass monitoring log files in a folder on windows
try *log instead of *.log Eero 13.2.2017 6.19 ip. "Tibor Luth" kirjoitti: > Thanks. > Reading this for second time I've realized what strftime means. So it can > work in most cases and I'll try. > But there are one unique application that appends random > characters/numbers at the end of the filename like: > log-20160829124854-kibe.1519.22082016.log. The "1519.22" part is random. > That's why I wanted to use *.log. :( > > 2017. február 13., hétfő 14:54:32 UTC+1 időpontban Eero Volotinen a > következőt írta: >> >> Check out this: >> >> Date Based Example >> >> For log files that change according to the date, you can also specify a >> strftime format to replace the day, month, year, etc. For example, to >> monitor the log C:\Windows\app\log-08-12-15.log, where 08 is the year, >> 12 is the month and 15 the day (and it is rolled over every day), do: >> >> >> C:\Windows\app\log-%y-%m-%d.log >> syslog >> >> Eero >> >> 2017-02-13 15:50 GMT+02:00 Tibor Luth : >> >>> Unfortunatley I cannot solve the issue in the subject. >>> >>> I wrote a few rows in the agent.conf (according to ossec-docs), but got >>> an error. >>> >>> >>> >>> X:\mylogs\*.log >>> syslog >>> >>> >>> The error is: >>> >>> *"ERROR*: *Glob error*. *Invalid pattern..."* >>> >>> >>> >>> If I skip the * wildcard and use a proper filename it has no errors. >>> How could I solve this? My log file names in that folder are like >>> logfile_20170202-145321.log. >>> >>> Regards >>> >>> T. >>> >>> >>> >>> >>> -- >>> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "ossec-list" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to ossec-list+...@googlegroups.com. >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ossec-list] Mass monitoring log files in a folder on windows
Thanks. Reading this for second time I've realized what strftime means. So it can work in most cases and I'll try. But there are one unique application that appends random characters/numbers at the end of the filename like: log-20160829124854-kibe.1519.22082016.log. The "1519.22" part is random. That's why I wanted to use *.log. :( 2017. február 13., hétfő 14:54:32 UTC+1 időpontban Eero Volotinen a következőt írta: > > Check out this: > > Date Based Example > > For log files that change according to the date, you can also specify a > strftime format to replace the day, month, year, etc. For example, to > monitor the log C:\Windows\app\log-08-12-15.log, where 08 is the year, 12 > is the month and 15 the day (and it is rolled over every day), do: > > > C:\Windows\app\log-%y-%m-%d.log > syslog > > Eero > > 2017-02-13 15:50 GMT+02:00 Tibor Luth >: > >> Unfortunatley I cannot solve the issue in the subject. >> >> I wrote a few rows in the agent.conf (according to ossec-docs), but got >> an error. >> >> >> >> X:\mylogs\*.log >> syslog >> >> >> The error is: >> >> *"ERROR*: *Glob error*. *Invalid pattern..."* >> >> >> >> If I skip the * wildcard and use a proper filename it has no errors. >> How could I solve this? My log file names in that folder are like >> logfile_20170202-145321.log. >> >> Regards >> >> T. >> >> >> >> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to ossec-list+...@googlegroups.com . >> For more options, visit https://groups.google.com/d/optout. >> > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ossec-list] Mass monitoring log files in a folder on windows
Check out this: Date Based Example For log files that change according to the date, you can also specify a strftime format to replace the day, month, year, etc. For example, to monitor the log C:\Windows\app\log-08-12-15.log, where 08 is the year, 12 is the month and 15 the day (and it is rolled over every day), do: C:\Windows\app\log-%y-%m-%d.log syslog Eero 2017-02-13 15:50 GMT+02:00 Tibor Luth : > Unfortunatley I cannot solve the issue in the subject. > > I wrote a few rows in the agent.conf (according to ossec-docs), but got an > error. > > > > X:\mylogs\*.log > syslog > > > The error is: > > *"ERROR*: *Glob error*. *Invalid pattern..."* > > > > If I skip the * wildcard and use a proper filename it has no errors. > How could I solve this? My log file names in that folder are like > logfile_20170202-145321.log. > > Regards > > T. > > > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ossec-list] Mass monitoring log files in a folder on windows
Unfortunatley I cannot solve the issue in the subject. I wrote a few rows in the agent.conf (according to ossec-docs), but got an error. X:\mylogs\*.log syslog The error is: *"ERROR*: *Glob error*. *Invalid pattern..."* If I skip the * wildcard and use a proper filename it has no errors. How could I solve this? My log file names in that folder are like logfile_20170202-145321.log. Regards T. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.