ossec / ossec-hids

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
http://www.ossec.net

Windows agent.conf <localfile> regex #1062

Open tiborjan opened 7 years ago

tiborjan commented 7 years ago

OS: Windows Server 2012 R2

OSSEC agent version: 2.8 (from AlienVault 5.3.5)

The Windows agent doesn't accept globbing (log, .log....) or (s)regex (not recognized) between localfile tags. I would like to "mass" monitor log files in the same folder that have a random string appended at the end, like log_20140908-093823.log, where 093823 is random in each filename. strftime is not enough in some cases.

Discussed here in ossec-list

Thanks

ddpbsd commented 7 years ago

I'll add it to the long list of features to look at in the future.