Hello, I have set up a command to monitor file permissions in Windows (Since by default Ossec only supports POSIX ). The command for example is :
<localfile>
<log_format>full_command</log_format>
<command>icacls c:\WINDOWS\system32\*.exe</command>
<alias>icacls</alias>
</localfile>
Now the question: is there a limitation how many lines can OSSEC take
and process as the output of a command ?Because I seem to be getting
only up to letter c of the executables located in that dir.
Thank you !
