Hi All How to ossec can retrieve log from checkpoint device?
BR Harsono On Wed, Apr 18, 2012 at 10:59 PM, Christopher Moraes <[email protected]>wrote: > 1. You can configure syscheck to either run slowly over a longer period > of time with less CPU usage (default) or quickly over a shorter period of > time with higher CPU usage. > > To change syscheck to scan quickly, change the following parameters in > /var/ossec/etc/internal_options.conf > > syscheck.sleep=0 > syscheck.sleep_after=0 > > 2. For Windows, ensure you exclude directories that have temp files > > > > On Wed, Apr 18, 2012 at 8:44 AM, dan (ddp) <[email protected]> wrote: > >> Install in /var/ossec >> Use /var/ossec/rules/local_rules.xml >> Use /var/ossec/etc/local_decoder.xml >> >> >> On Wed, Apr 18, 2012 at 8:42 AM, Christian Niedermayer >> <[email protected]> wrote: >> > Hello, >> > >> > >> > >> > did somebody have any tuning tips or options in OSSEC (Server and >> Agent)? >> > >> > >> > >> > Regards >> > >> > >> > >> > Christian >> > >
