When using the built in DCS Windows Detection (IDS) policy, you want to monitor muliptle web access log files under Web Attack Detection Global Settings but see that there is only the option for one path.
All versions of DCS IDS policies
By design, DCS detection policy will only allow monitoring of one log file.
The current workaround to see events from a different log than you specify in the built in policy, is to create a separate text log rule and add the web attack detection rules manually. A separate rule would need to be created for each of the logs you wish to monitor.
Subscribing will provide email updates when this Article is updated. Login is required.