Hello: Is it possible to expand the amount of monitoring and logging that OSSEC currently has in regards to the Windows Event Viewer log for System, Application, and Security? Meaning, I want OSSEC to record every single event recorded into the event viewer regardless if there is a rule to alert/correlate on it. I would then in turn ship the logs via Syslog to a log server, alerts and non-alerts in all. Any event, regardless of criticality would be able to be sent from agent to server then shipped via Syslog.
Is that even a possibility? I would have to imagine it would be somewhat possible, hopefully so. Thanks! -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
