On Tue, Dec 5, 2017 at 8:01 AM, chintan shah <[email protected]> wrote: > Hi folks > > I just learned that ossec windows agent 2.8.3 and 2.9.2 has the option > <only-future-events> wherein logcollector ignores all the events from the > log file since it was last stopped . This can reduce lot of noise from the > windows event viewer logs . I was looking out for a similar option for > linux clients as well . If we have that option for linux clients , How do I > enable that feature to picks up the future logs and not the ones that missed > after the ossec was stopped . >
That's not a feature for the linux agents. If it's something people are interested in, create an issue on github and maybe someone will be inspired. > Regards > Chintan > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
