In my inputs.conf, I have:
[monitor://cust/http*/web-*/var/log/modsec-audit.log*]
[monitor://cust/http*/web-*/var/log/*access.log*]
[monitor://cust/jboss-as*/server/app-*/log/server.log]
Why did I get these errors:
08-19-2011 01:02:15.148 +0000 ERROR TailingProcessor - Unable to resolve path
for symlink: /cust/soe/usr.bak.2010-10-19T051247/man/it/man1/view.1.
08-19-2011 01:02:15.149 +0000 ERROR TailingProcessor - Unable to resolve path
for symlink: /cust/soe/usr.bak.2010-10-19T051247/man/it/man1/vim.1.
08-19-2011 01:02:15.151 +0000 ERROR TailingProcessor - Unable to resolve path
for symlink: /cust/soe/usr.bak.2010-10-19T051247/man/it/man1/vimdiff.1.
08-19-2011 01:02:15.153 +0000 ERROR TailingProcessor - Unable to resolve path
for symlink: /cust/soe/usr.bak.2010-10-19T051247/man/it/man1/vimtutor.1.
08-19-2011 01:02:15.155 +0000 ERROR TailingProcessor - Unable to resolve path
for symlink: /cust/soe/usr.bak.2010-10-19T051247/man/it/man1/xxd.1.
I didn't ask Splunk to monitor /cust/soe/ directories.
