On 2014-11-18 6:55, DefensiveDepth wrote:
I have an OSSEC agent monitoring some Windows eventlogs through the
eventchannel config and then sending them to the OSSEC manager and
archiving them. The SIEM is then parsing the archive and indexing the
logs. Unfortunately, these eventlogs are multiline, and the SIEM that
is being used is having issues with multiline logs.... Is there any
way to have OSSEC convert/strip out the new lines from the logs as it
processes them and sends them to the manager?
This is a bug: https://github.com/ossec/ossec-hids/issues/224
--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
