Thanks, that helps. As I posted at GH, is there anything I can do to help move this along?
-Josh

On Wednesday, November 19, 2014 10:17:04 AM UTC-5, Michael Starks wrote:
>
> On 2014-11-18 6:55, DefensiveDepth wrote:
> > I have an OSSEC agent monitoring some Windows eventlogs through the
> > eventchannel config and then sending them to the OSSEC manager and
> > archiving them. The SIEM is then parsing the archive and indexing the
> > logs. Unfortunately, these eventlogs are multiline, and the SIEM that
> > is being used is having issues with multiline logs.... Is there any
> > way to have OSSEC convert/strip out the new lines from the logs as it
> > processes them and sends them to the manager?
>
> This is a bug: https://github.com/ossec/ossec-hids/issues/224
