[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] Is ossec reading my IIS logs?

To: ossec-list@xxxxxxxxxxxxxxxx
Subject: [ossec-list] Is ossec reading my IIS logs?
From: Steve West <stevewest15@xxxxxxxxx>
Date: Fri, 15 Jun 2007 09:26:49 -0400
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:reply-to:user-agent:mime-version:to:subject:content-type:content-transfer-encoding; b=Neez6PfvjE1NuG+CB9yGGnb0wFFEsCNPdZ9vWKNVAcFP/rwF7jWgkMagxLBwzQ0HmQLRrToIxZ2WLGfwFARIzvbLYtOuOuqAv8m7UYYfpKKL4DpaFekVCsxXfHewLrf+x4b3tI6eZctnAImFeoGU01rKpiuh4MUQkNUJVa5CMBs=

Hi,

How do I test if ossec is actually reading the IIS logs I setup in 
ossec.conf? I don't see any entries in the ossec.log stating anything 
about iis logs and I'm wondering if there is a way I can test to make 
sure ossec is actually reading the logs.

Also, can ossec take active response on the windows side?

Here is the iis logs section in my ossec.conf:

   <localfile>
     <location>E:\hslogfiles\www\W3SVC1\ex%y%m%d.log</location>
     <log_format>iis</log_format>
   </localfile>

   <localfile>
     <location>E:\hslogfiles\www\W3SVC3\ex%y%m%d.log</location>
     <log_format>iis</log_format>
   </localfile>

   <localfile>
     <location>E:\hslogfiles\www\W3SVC4\ex%y%m%d.log</location>
     <log_format>iis</log_format>
   </localfile>


thx,

SW

Follow-Ups:
- [ossec-list] Re: Is ossec reading my IIS logs?
  - From: McClinton, Rick

Prev by Date: [ossec-list] Re: Fine tune syslog_rules.xml Rule 1002
Next by Date: [ossec-list] Re: Fine tune syslog_rules.xml Rule 1002
Previous by thread: [ossec-list] Re: ossec 1.2 failing to compile on Solaris 8
Next by thread: [ossec-list] Re: Is ossec reading my IIS logs?
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.