I have an OSSEC agent monitoring some Windows eventlogs through the eventchannel config and then sending them to the OSSEC manager and archiving them. The SIEM is then parsing the archive and indexing the logs. Unfortunately, these eventlogs are multiline, and the SIEM that is being used is having issues with multiline logs. Is there any way to have OSSEC convert/strip out the new lines from the logs as it processes them and sends them to the manager?
Thanks!
