Hi, thanks for your response.

Considering some changelogs that I saw and the tests that I made, OSSEC still doesn't "buffer" the logs / continue with the last unsent event.

Indeed, I tested NXLOG as the shipper for Windows events and it works pretty well in the community edition, but it doesn't have the ability to manage the configs of all "agents" from one server :/. But I think that's better than nothing.

Cheers

On Tuesday, 17 June 2014 16:40:04 UTC+2, Michael Starks wrote:
>
> On 2014-06-17 3:17, horst knete wrote:
> > Hey Guys,
> >
> > we are implementing an OSSEC Installation in our Environment due to
> > the great functionality of the System.
> >
> > We got Agents on both Linux and Windows and the Log Shipment is
> > working fine.
> >
> > But as we tested what happens if the OSSEC Server goes down (i.e. for
> > maintenance), the Windows logs which are produced in the downtime
> > don't get shipped to the OSSEC Server after it is online again.
>
> I think the new eventchannel functionality is designed to bookmark the
> last location of the logs and ship them, but that may be only if the
> agent service is down, not the manager. And eventchannel doesn't work at
> all for me, so it may be a moot point. For this and other reasons, I
> don't use the OSSEC agent for log transport on Windows. Consider using
> something like NXLOG, which should be feature-full enough for your
> requirements, and then analyze the logs as syslog on the manager.
>

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
