On Tue, Sep 12, 2017 at 12:09 AM, vikas <[email protected]> wrote:
> Hi All,
>
> I am trying to collect only syscheck and rootcheck logs, and not the
> eventlogs in windows or any other log files in unix. I see some /var/log
> file locations declared in ossec.conf for linux that I can comment out, but
> don't see an option to turn off the log collection for windows. The
> application, security and system logs are specified in default-ossec.conf on
> the agent. How can I stop collecting these logs without having to touch each
> agent?
>

If you want to turn off the collection of logs on each agent, you'll have to touch each agent. I think removing the localfile options should be enough, but I haven't tried it.

> Thanks,
> Vikas.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
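
Added example, not part of the original thread and not OSSEC project code: a Python sketch of the edit the reply suggests, removing every `<localfile>` block from an agent's ossec.conf while leaving `<syscheck>` and `<rootcheck>` in place. The sample configuration is constructed and `strip_localfile` is a hypothetical helper name; it works on the text with a regex so the rest of the file's comments and layout are preserved.

```python
import re

# Constructed sample resembling a Windows agent ossec.conf (not from the thread).
SAMPLE_CONF = """<ossec_config>
  <!-- Event log collection -->
  <localfile>
    <location>Application</location>
    <log_format>eventlog</log_format>
  </localfile>
  <localfile>
    <location>Security</location>
    <log_format>eventlog</log_format>
  </localfile>
  <localfile>
    <location>System</location>
    <log_format>eventlog</log_format>
  </localfile>
  <rootcheck>
    <windows_audit>./shared/win_audit_rcl.txt</windows_audit>
  </rootcheck>
  <syscheck>
    <frequency>72000</frequency>
    <directories check_all="yes">%WINDIR%/system32</directories>
  </syscheck>
</ossec_config>
"""

# One whole <localfile>...</localfile> element, including its own line.
LOCALFILE_RE = re.compile(
    r"[ \t]*<localfile>.*?</localfile>[ \t]*\r?\n?", re.DOTALL | re.IGNORECASE
)
LOCATION_RE = re.compile(r"<location>(.*?)</location>", re.DOTALL | re.IGNORECASE)


def strip_localfile(conf_text):
    """Return (new_text, removed_locations) with all <localfile> blocks dropped."""
    removed = []

    def _drop(match):
        loc = LOCATION_RE.search(match.group(0))
        removed.append(loc.group(1).strip() if loc else "<no location>")
        return ""

    return LOCALFILE_RE.sub(_drop, conf_text), removed


if __name__ == "__main__":
    new_conf, dropped = strip_localfile(SAMPLE_CONF)
    print("Removed log sources:", ", ".join(dropped))
    print(new_conf)
```

The returned list of removed locations gives a per-agent record of which log sources are no longer collected.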
