[ossec-list] Problem parsing Apache log file
Hello everyone,

I have a little problem. An Apache log file cannot be parsed. It seems that Ossec Agent doesn't replace %Y-%m... with their values?

I also noticed that the next "localfile" rules are not parsed at all. As soon as there is one error, Ossec Agent seems to stop parsing the rest of the conf file. I think it would be interesting if, when you start Ossec:

- the whole conf file is parsed
- errors are printed on screen (with -v option for example)

Thanks for your help.

Fred
-----------------------------------------------------------
In "ossec.log":

2006/06/26 13:10:18 ossec-logcollector(1950): Analyzing file: '/var/log/httpd/access_XXX.NAME.2006-06-26'.
2006/06/26 13:10:18 ossec-logcollector(1906): Error parsing file: '/var/log/httpd/access_YYY.NAME.%Y-%m-%d'.
-----------------------------------------------------------
In "ossec.conf":

<localfile>
  <log_format>apache</log_format>
  <location>/var/log/httpd/access_XXX.NAME.%Y-%m-%d</location>
</localfile>
<localfile>
  <log_format>apache</log_format>
  <location>/var/log/httpd/access_YYY.NAME.%Y-%m-%d</location>
</localfile>
-----------------------------------------------------------
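Added example, not part of the original message and not OSSEC code: a standalone pre-flight check that expands the strftime placeholders in every <localfile> location and reports a status for each entry instead of stopping at the first failure, so gaps in log collection are visible before the agent starts. The helper name check_localfiles, the sample fragment and the assumption that the fragment is well-formed XML are all constructed for illustration.

```python
import os
import time
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the ossec.conf fragment quoted in the message.
SAMPLE_CONF = """
<localfile>
  <log_format>apache</log_format>
  <location>/var/log/httpd/access_XXX.NAME.%Y-%m-%d</location>
</localfile>
<localfile>
  <log_format>apache</log_format>
  <location>/var/log/httpd/access_YYY.NAME.%Y-%m-%d</location>
</localfile>
"""


def check_localfiles(conf_text, when=None, exists=os.path.isfile):
    """Hypothetical helper: one (location, expanded, status) tuple per <localfile>."""
    when = when or time.localtime()
    # The fragment holds several top-level elements, so wrap it in a single root.
    # Assumption: the configuration text is well-formed XML.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    results = []
    for entry in root.iter("localfile"):
        location = (entry.findtext("location") or "").strip()
        if not location:
            # Record the problem and keep going so later entries are still checked.
            results.append((location, None, "missing <location>"))
            continue
        # Expand date placeholders such as %Y-%m-%d for the given day.
        expanded = time.strftime(location, when) if "%" in location else location
        status = "ok" if exists(expanded) else "file not found"
        results.append((location, expanded, status))
    return results


if __name__ == "__main__":
    for location, expanded, status in check_localfiles(SAMPLE_CONF):
        print(f"{status:20} {location} -> {expanded}")
```
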
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.