Hello!
I'm trying to add extended event logging to Windows agents on a Windows Server 2003 domain controller.
There is an event log, C:\WINDOWS\system32\config\NTDS.evt, but when I try to add a string like this:

<localfile>
  <location>C:\WINDOWS\system32\config\NTDS.evt</location>
  <log_format>eventlog</log_format>
</localfile>

it exits with an error:

2007/06/26 10:47:26 ossec-agent: DEBUG: Reading logcollector configuration.
2007/06/26 10:47:26 ossec-agent(1903): Invalid event log: 'C:\WINDOWS\System32\config\NTDS.Evt'.
2007/06/26 10:47:26 ossec-agent(1202): Configuration error at 'ossec.conf'. Exiting.

Tried to change the location to NTDS. Unsuccessful.
Has anyone solved this problem?

P.S.

<localfile>
  <location>Application</location>
  <log_format>eventlog</log_format>
</localfile>

works, but when I try to change the location like this:

<location>C:\WINDOWS\System32\config\AppEvent.Evt</location>

it crashes with an error.

Thanks.
Dmitrii Chebotarev, Russia.
Attachment:
ossec.conf
Description: Binary data