These were creating big log files and additional event alerts while
testing, hence we reverted to the eventlog way. Thank you Victor.
On 30 September 2016 at 17:33, Victor Fernandez wrote:
> Hi Kumar,
>
> please ensure that folders "tmp" and "bookmarks" have total permissions
Hi Kumar,
please ensure that folders "tmp" and "bookmarks" have total permissions for
the "SYSTEM" user and the "Administrators" group.
Regarding the usage of Event Channel, it's advisable and almost necessary
since if your system has certain Windows monitoring events activated —such
events
Hi Victor,
It took a while for this data. We did the bookmark deletion and restarted
the agent. Still we see the bookmark messages coming in ossec.log and the
log file increase is so high. Easily getting about 30 MB in a week and
majority of the logs are these bookmark messages.
So is it
Hi Team,
Need your help on this.
We have a couple of Windows Active Directory machines on which we need to
enable the event logs for Application/System/Security. There are more than a
million events which are expected from these eventlogs. Was looking in old
posts and could see utilizing