Hello, I'm facing a problem concerning the centralized configuration and I've not been able to solve it for a couple of weeks and I don't know why.
OS: CentOS 7
Here is the thing: I would like to use the shared configuration of Wazuh to be able to collect Apache logs with a wildcard config for these kinds of paths: "/var/log/mysite.log" or "/var/log/mysite_ssl.log".
Here is the problem:
The wazuh-agent is installed on my client machine and is properly sending logs with its local configuration, i.e. the ossec.conf file.
In this local file, I'm using the full path to allow my agent to collect logs from these paths, and it's working.
But when I try to use my default agent.conf file instead, i.e. the shared one distributed by the manager in /var/ossec/etc/shared/default/agent.conf, with a wildcard path like:
the logs after /var/log/ stop being collected.
Here is a screenshot of the regex showing it's working:
Of course I've done:
- a wazuh-manager restart
- an md5 sum comparison of the version of the agent.conf and the one applied to my client agent.conf, and the conf is correctly pushed.
I hope I have explained this well, but in any case don't hesitate to ask me for more information about it.
Thanks in any case for the time you have invested in helping me.