Centralized configuration with Wildcard is not working

Hello, I'm facing a problem concerning the centralized configuration and I've not been able to solve it for a couple of weeks and I don't know why.

OS: CentOS 7

Here is the thing: I would like to use the shared configuration of Wazuh to collect Apache logs with a wildcard config for these kinds of paths: "/var/log/mysite.log" or "/var/log/mysite_ssl.log".

Here is the problem:

The wazuh-agent is installed on my client machine and is properly sending logs with its local configuration, i.e. the ossec.conf file.
In this local file, I'm using full paths to allow my agent to collect logs from these paths, and it's working.
But when I try to use my default agent.conf file instead, i.e. the shared one distributed by the manager in /var/ossec/etc/shared/default/agent.conf, with a wildcard path like:

/var/log/(.*?.log)

the logs after /var/log/ stop being collected.

Here is a screenshot of the regex showing it's working:


Of course I've done:

  • a wazuh-manager restart
  • an MD5 sum comparison of the agent.conf version and the one applied on my client's agent.conf; the conf is pushed correctly.

I hope I have explained the issue well, but don't hesitate to ask me for more info about it :smiley:

Thanks anyway for the time you have invested in helping me :wink:

We don't provide support for the Wazuh agent, sorry.

1 Like

Hello, thanks anyway, but I found the problem: it was just coming from a badly written wildcard.
Here is the solution for your path:

/var/log/yourlog*

I hope I've helped some people :wink:

1 Like
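An added illustration, not part of the original posts and not Wazuh code: it assumes, as the fix above suggests, that the agent expands the log path as a shell-style wildcard rather than a regular expression, and compares what each interpretation selects. The file names are constructed, and `glob_matches`, `regex_matches` and `lint_location` are hypothetical helper names.

```python
import glob
import os
import re
import tempfile

# Constructed file names standing in for the contents of /var/log on the agent.
SAMPLE_FILES = ["mysite.log", "mysite_ssl.log", "mysite.log.1", "yum.log", "messages"]

# Tokens that are regex syntax but are literal characters in a glob.
REGEX_ONLY = re.compile(r"\.\*|\.\+|[()|^$+\\]")


def glob_matches(pattern, names=SAMPLE_FILES):
    """Expand `pattern` in a scratch directory using glob (wildcard) semantics."""
    with tempfile.TemporaryDirectory() as logdir:
        for name in names:
            open(os.path.join(logdir, name), "w").close()
        hits = glob.glob(os.path.join(glob.escape(logdir), pattern))
        return sorted(os.path.basename(h) for h in hits)


def regex_matches(pattern, names=SAMPLE_FILES):
    """What the same string would select if it were evaluated as a regex."""
    rx = re.compile(pattern)
    return sorted(n for n in names if rx.fullmatch(n))


def lint_location(path):
    """Return regex-style tokens found in a path that is meant to be a glob."""
    return REGEX_ONLY.findall(path)


if __name__ == "__main__":
    for pat in ["(.*?.log)", "mysite*", "mysite*.log"]:
        print(f"{pat!r:15} glob={glob_matches(pat)} regex-tokens={lint_location(pat)}")
    # As a regex the first pattern "works", which is why a regex tester
    # can look fine while nothing is collected under glob semantics.
    print("as regex:", regex_matches("(.*?.log)"))
```

Under glob semantics a trailing `*` also picks up rotated files such as `mysite.log.1`; a pattern like `mysite*.log` is narrower if only the live logs are wanted.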

Thanks for sharing the solution :slight_smile: