Re: [ossec-list] OSSEC Send Log Size

2016-06-09 Thread Victor Fernandez
Hi. In normal operation, OSSEC connects once, on startup, and closes the socket on exiting. But, given the behavior of UDP, there isn't an actual "connection"; instead, every datagram is independent of the rest. Maybe this is the reason why the firewall considers every delivery as a

Re: [ossec-list] OSSEC Send Log Size

2016-06-09 Thread Abdulvehhab Agin
Hi, Unfortunately windows audit (EventLog configuration) has no specific configuration. If audit of windows firewall events is enabled, all of the firewall events (chrome, internet explorer, ping, etc) are logged. (So we *cannot exclude OSSEC firewall events*) If audit of windows

Re: [ossec-list] OSSEC Send Log Size

2016-06-09 Thread Victor Fernandez
Hi Abdulvehhab. It makes sense, it falls into an infinite recursion, but it's a bit difficult to store some messages and send them to the server since the protocol consists of one datagram per message. Even if the agent stores some messages and sends all of them at a time, the firewall would

Re: [ossec-list] OSSEC Send Log Size

2016-06-08 Thread Abdulvehhab Agin
At this time (sending per event immediately) it is producing *lots of* 5156 Windows Firewall Events: The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 0 Application Name: \program files (x86)\ossec-agent\ossec-agent.exe Network Information:

Re: [ossec-list] OSSEC Send Log Size

2016-06-08 Thread dan (ddp)
On Wed, Jun 8, 2016 at 12:48 PM, Abdulvehhab Agin wrote:
> Hi,
>
> I am looking for optimization sending windows events log. My systems
> generate too much windows events.
>
> I analysed network traffic via wireshark, OSSEC generates too much open
> connection and send logs

[ossec-list] OSSEC Send Log Size

2016-06-08 Thread Abdulvehhab Agin
Hi, I am looking for optimization of sending windows event logs. My systems generate too many windows events. I analysed network traffic via wireshark; OSSEC generates too many open connections and sends logs (about 40 per second). Thus, I don't want to connect to the ossec server per event. Is