Hello , I'm trying to make the HIDS agent ( on a windows machine) not to forward to the ossec server some type of EVENT ID's I have HiDS agent 2.8.3 on a Windows Machine and I want it *NOT *to send events from the EVENT viewer that there numbers are 6423,6433 for example, I don't need this event's in the SIEM and to lower the traffic between them. I have found in the documentation:
<localfile> <location>System</location> <log_format>eventchannel</log_format> <query>Event/System[EventID=7040]</query></localfile> but in the type it send's Just this type of ID , I want it to send everything exapet this type of ID. Any idea how I can do it? Thank you -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
