On Tue, Mar 8, 2016 at 5:53 AM, <[email protected]> wrote:
>
> If we don't delete these tags in the local ossec.conf, it sends these logs again.
>
> It doesn't solve the problem, any suggestions?
>

How do you currently do configuration management?

>
> On 8 Mar 2016, at 12:29, Jesus Linares <[email protected]> wrote:
>
> Hi,
>
> check out the documentation:
> http://ossec-docs.readthedocs.org/en/latest/manual/agent/agent-configuration.html
>
> It would be something like:
>
> /var/ossec/etc/shared/agent.conf:
>
> <agent_config os="Windows">
>   <localfile>
>     <location>Security</location>
>     <log_format>eventchannel</log_format>
>     <query>Event/System[EventID!="4648" and EventID!="4656" and EventID!="4658"]</query>
>   </localfile>
> </agent_config>
>
> Regards.
> Jesus Linares.
>
> On Monday, March 7, 2016 at 3:02:49 PM UTC+1, Abdulvehhab Agin wrote:
>>
>> Hi,
>>
>> We have lots of ossec.agent on Windows systems. These ossec's generate too
>> much "Audit Logs" and we don't want to collect these logs.
>>
>> When I change Ossec.conf on the client manually:
>>
>> ## New Ossec.conf
>> ------------------------
>>
>> <localfile>
>>   <location>Security</location>
>>   <log_format>eventchannel</log_format>
>>   <query>Event/System[EventID!="4648" and EventID!="4656" and EventID!="4658"]</query>
>> </localfile>
>>
>> ------------------------
>>
>> It works well, but we don't want to change this config manually on each
>> computer. Is there a way to deploy this config via the OSSEC Server, like
>> shared/agent.conf?
>>
>> Thanks for any help.
>>
>
> --
>
> ---
> You received this message because you are subscribed to a topic in the
> Google Groups "ossec-list" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/ossec-list/UFQ5gE9HZHw/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> [email protected].
> For more options, visit https://groups.google.com/d/optout.
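
The first message in this thread reports that the excluded events keep arriving while the agent's local ossec.conf still has its own Security entry. As an added example (not code from the thread or from the OSSEC project), this Python sketch lists log locations defined in both a local ossec.conf and the shared agent.conf, so leftover local entries can be found before rollout. The local config contents and the function names are constructed for illustration, and the premise that an entry present in both files is collected twice is taken from that report.

```python
import xml.etree.ElementTree as ET

# Constructed sample: an agent's local ossec.conf that still has an unfiltered Security entry.
LOCAL_CONF = """
<ossec_config>
  <localfile>
    <location>Application</location>
    <log_format>eventlog</log_format>
  </localfile>
  <localfile>
    <location>Security</location>
    <log_format>eventlog</log_format>
  </localfile>
</ossec_config>
"""

# The shared agent.conf block quoted in the thread.
SHARED_CONF = """
<agent_config os="Windows">
  <localfile>
    <location>Security</location>
    <log_format>eventchannel</log_format>
    <query>Event/System[EventID!="4648" and EventID!="4656" and EventID!="4658"]</query>
  </localfile>
</agent_config>
"""

def localfiles(conf_text, os_name="Windows"):
    """Map lower-cased <location> -> <query> text ('' = unfiltered) for each <localfile>."""
    # OSSEC config files may hold several top-level sections, so wrap them in one root.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    found = {}
    for section in root:
        os_attr = section.get("os")  # only set on <agent_config>; simplified substring match
        if os_attr and os_name.lower() not in os_attr.lower():
            continue
        for lf in section.iter("localfile"):
            location = (lf.findtext("location") or "").strip().lower()
            found[location] = (lf.findtext("query") or "").strip()
    return found

def duplicate_sources(local_text, shared_text, os_name="Windows"):
    """Return (location, local_query, shared_query) for logs defined in both files."""
    local, shared = localfiles(local_text, os_name), localfiles(shared_text, os_name)
    return [(loc, local[loc], shared[loc]) for loc in sorted(local.keys() & shared.keys())]

if __name__ == "__main__":
    for loc, local_q, shared_q in duplicate_sources(LOCAL_CONF, SHARED_CONF):
        state = "filtered" if local_q else "unfiltered"
        print(f"{loc}: also defined locally ({state}); shared query: {shared_q}")
```

An empty local query on a duplicated location means the local entry has no EventID filter of its own.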
