I turned them OFF this way.
I am assuming you can declare just these options with no logging location
and you will have the reverse of my config.
<agent_config name="example_server_name">
  <rootcheck>
    <disabled>yes</disabled>
    <check_winmalware>no</check_winmalware>
    <check_sys>no</check_sys>
  </rootcheck>
  <syscheck>
    <auto_ignore>yes</auto_ignore>
    <alert_new_files>no</alert_new_files>
    <scan_on_start>no</scan_on_start>
    <registry_ignore>HKEY_LOCAL_MACHINE</registry_ignore>
    <registry_ignore>HKEY_USERS</registry_ignore>
    <registry_ignore>HKEY_CURRENT_CONFIG</registry_ignore>
    <registry_ignore>HKEY_CURRENT_USER</registry_ignore>
    <registry_ignore>HKEY_CLASSES_ROOT</registry_ignore>
  </syscheck>
</agent_config>
Grant
On Thursday, September 14, 2017 at 9:38:48 AM UTC-4, dan (ddpbsd) wrote:
>
> On Tue, Sep 12, 2017 at 12:09 AM, vikas <[email protected]> wrote:
> > Hi All,
> >
> > I am trying to collect only syscheck and rootcheck logs, and not the
> > eventlogs in Windows or any other log files in Unix. I see some /var/log
> > file locations declared in ossec.conf for Linux that I can comment out, but
> > don't see an option to turn off the log collection for Windows. The
> > application, security and system logs are specified in default-ossec.conf on
> > the agent. How can I stop collecting these logs without having to touch each
> > agent?
> >
>
> If you want to turn off the collection of logs on each agent, you'll
> have to touch each agent.
> I think removing the localfile options should be enough, but I haven't
> tried it.
>
> > Thanks,
> > Vikas.
> >
> > --
> >
> > ---
> > You received this message because you are subscribed to the Google Groups
> > "ossec-list" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to [email protected].
> > For more options, visit https://groups.google.com/d/optout.
>
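Added example, not part of the original thread and not OSSEC project code: a small audit that reads an agent's ossec.conf text and reports which localfile entries are still being collected and whether syscheck and rootcheck are switched on. The sample config is constructed, the function names are hypothetical, and the "enabled" rule in module_enabled() is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the style of a Windows agent ossec.conf (not from the thread).
SAMPLE_CONF = """
<ossec_config>
  <localfile>
    <location>Security</location>
    <log_format>eventlog</log_format>
  </localfile>
  <!-- <localfile><location>System</location><log_format>eventlog</log_format></localfile> -->
</ossec_config>
<ossec_config>
  <syscheck><disabled>no</disabled></syscheck>
  <rootcheck><disabled>yes</disabled></rootcheck>
</ossec_config>
"""

def parse_conf(text):
    # A config file can hold several <ossec_config> blocks, which is not a single
    # well-formed XML document, so wrap the text in a synthetic root first.
    return ET.fromstring("<root>" + text + "</root>")

def collected_logs(root):
    """(location, log_format) for every active <localfile>; XML comments are skipped."""
    return [((lf.findtext("location") or "").strip(),
             (lf.findtext("log_format") or "").strip())
            for lf in root.iter("localfile")]

def module_enabled(root, name):
    """Assumption of this example: a module is on when a <name> block exists
    and no block sets <disabled>yes</disabled>."""
    blocks = list(root.iter(name))
    return bool(blocks) and not any(
        (b.findtext("disabled") or "no").strip().lower() == "yes" for b in blocks)

def audit(text):
    root = parse_conf(text)
    return {"localfile": collected_logs(root),
            "syscheck": module_enabled(root, "syscheck"),
            "rootcheck": module_enabled(root, "rootcheck")}

if __name__ == "__main__":
    report = audit(SAMPLE_CONF)
    for loc, fmt in report["localfile"]:
        print("still collecting:", loc, "(" + fmt + ")")
    print("syscheck enabled:", report["syscheck"])
    print("rootcheck enabled:", report["rootcheck"])
```

Running it over each agent's config after an edit shows whether any localfile block survived, which is the state the original question wanted to reach.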