27 Jun
How to monitor a logs directory with OSSEC agent in Windows
My problem is that I have some Windows programs I want to monitor with the following structure in the log filenames:
Program name%Y%m%d_%timestamp.log
Where %timestamp is formed by the concatenation of hours, minutes, seconds and milliseconds. I've already been reading the documentation about the OSSEC agent and performing some tests, and none of them were successful.
As the manual says in the localfile section:
Wildcards may be used on non-Windows systems
So I don't know how to monitor these log folders. Can anyone help me, please?
Edit:
I don't want to monitor the file sizes or movements. I want to get the events contained in those logs and process them.