Hi All,

We faced an issue with a high number of events killing our network bandwidth. The problem is with collecting Windows Event logs.

In OSSEC we are collecting Windows event logs with the configuration below.

    <localfile>
      <location>Application</location>
      <log_format>eventlog</log_format>
    </localfile>
    <localfile>
      <location>Security</location>
      <log_format>eventlog</log_format>
    </localfile>
    <localfile>
      <location>System</location>
      <log_format>eventlog</log_format>
    </localfile>

But the problem here is that if some error is detected in the system, those huge System logs are captured by OSSEC and sent on to the OSSEC servers. That creates an impact on network bandwidth.

Can you suggest your views on whether we can implement any rule to discard the connection from the OSSEC agent to the servers if it crosses some threshold? For example, if we get "Event count after '20000': 13179011->8264848 (62%)", there should be some rule which stops the connection between the OSSEC agent and the servers and helps us stop the bandwidth killing.

Regards,
Priyonko
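An added example, not part of the original post and not OSSEC code: the post asks for a threshold rule that cuts the agent-to-server connection during an event flood. The practitioner's caveat is that a hard disconnect also silences the Security channel and turns one problem (a chatty System log) into two (a blind spot plus an "agent disconnected" alert). The throttle below shows the alternative: cap forwarded events per channel per second, drop the excess locally, and send one summary record per window so the server still learns that a flood happened and how large it was. The per-second budget, the channel names and the `WinEvtLog:`-style sample lines are constructed for the demo. (For the noise itself, OSSEC's `eventchannel` log format accepts an XPath `<query>` element that excludes specific event IDs at the source; that is a configuration change, not shown here.)

```python
"""Agent-side event throttle with drop accounting (illustrative only).

Not OSSEC code. Models the decision an agent would make during a flood:
forward up to N events per channel per second, drop the rest locally,
and emit a THROTTLE summary line when a window closes with drops, so the
server sees the flood without receiving every event in it.
"""
from collections import defaultdict


class EventThrottle:
    """Per-channel, per-second forwarding cap.

    feed() returns the lines to forward for one incoming event: the event
    itself if the channel still has budget this second, nothing if it is
    over budget, and a summary line (ahead of the event) when a new second
    starts and the previous one dropped anything.
    """

    def __init__(self, max_per_second):
        self.max_per_second = max_per_second        # assumed budget per channel
        self.total_dropped = 0
        self._window = {}                           # channel -> current second
        self._forwarded = defaultdict(int)          # channel -> sent this second
        self._dropped = defaultdict(int)            # channel -> dropped this second

    def _roll(self, channel, sec):
        """Close the channel's current window; return its summary line, if any."""
        out = []
        if channel in self._window and self._dropped[channel]:
            out.append(
                f"THROTTLE channel={channel} second={self._window[channel]} "
                f"forwarded={self._forwarded[channel]} dropped={self._dropped[channel]}"
            )
        self._window[channel] = sec
        self._forwarded[channel] = 0
        self._dropped[channel] = 0
        return out

    def feed(self, ts, channel, line):
        sec = int(ts)
        out = []
        if self._window.get(channel) != sec:        # new second for this channel
            out.extend(self._roll(channel, sec))
        if self._forwarded[channel] < self.max_per_second:
            self._forwarded[channel] += 1
            out.append(line)
        else:
            self._dropped[channel] += 1
            self.total_dropped += 1
        return out

    def flush(self):
        """At shutdown, emit summaries for windows that are still open."""
        out = []
        for channel in list(self._window):
            out.extend(self._roll(channel, None))
        return out


def build_sample_events():
    """Constructed sample stream: a 50-event Service Control Manager burst
    on System within one second, three Security logons, then one more
    System event a second later. Timestamps are fake epoch seconds."""
    events = [
        (100.0 + i * 0.01, "System",
         f"WinEvtLog: System: INFORMATION(7036): Service Control Manager: svc{i} entered the running state")
        for i in range(50)
    ]
    events += [
        (100.5 + i * 0.1, "Security",
         "WinEvtLog: Security: AUDIT_SUCCESS(4624): An account was successfully logged on")
        for i in range(3)
    ]
    events.append((101.2, "System",
                   "WinEvtLog: System: ERROR(6008): The previous system shutdown was unexpected"))
    return events


def run(events, max_per_second):
    """Feed events through the throttle; return (lines forwarded, total dropped)."""
    throttle = EventThrottle(max_per_second)
    sent = []
    for ts, channel, line in events:
        sent.extend(throttle.feed(ts, channel, line))
    sent.extend(throttle.flush())
    return sent, throttle.total_dropped


if __name__ == "__main__":
    forwarded, dropped = run(build_sample_events(), max_per_second=10)
    for record in forwarded:
        print(record)
    print(f"forwarded={len(forwarded)} dropped={dropped}")
```

With a budget of 10 per channel per second, the 50-event System burst yields 10 forwarded lines and one summary reporting 40 drops, while all three Security events pass untouched; that is the property a connection-level kill switch cannot give you.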
