On Wed, Jun 18, 2014 at 2:19 AM, horst knete <[email protected]> wrote:
> Hi,
>
> thx for your response.
>
> Considering some changelogs that I saw and the tests that I made, ossec
> still doesn't "buffer" the logs/ continue with the last not sent event.

The OSSEC project does accept code contributions.

> Indeed I tested NXLOG as the shipper for windows-events and it works pretty
> well in the community edition but doesn't have the ability to manage the configs
> of all "agents" from one server :/.
>
> But I think that's better than nothing.
>
> Cheers
> On Tuesday, 17 June 2014 16:40:04 UTC+2, Michael Starks wrote:
>>
>> On 2014-06-17 3:17, horst knete wrote:
>> > Hey Guys,
>> >
>> > we are implementing an OSSEC Installation in our Environment due to
>> > the great functionality of the System.
>> >
>> > We got Agents on both Linux and Windows and the Log Shipment is
>> > working fine.
>> >
>> > But as we tested what happens if the OSSEC Server goes down (i.e. for
>> > maintenance) the Windows-Logs which are produced in the downtime
>> > don't get shipped to the OSSEC Server after it is online again.
>>
>> I think the new eventchannel functionality is designed to bookmark the
>> last location of the logs and ship them, but that may be only if the
>> agent service is down, not the manager. And eventchannel doesn't work at
>> all for me, so it may be a moot point. For this and other reasons, I
>> don't use the OSSEC agent for log transport on Windows. Consider using
>> something like NXLOG, which should be feature-full enough for your
>> requirements, and then analyze the logs as syslog on the manager.
