On Tue, Oct 2, 2018 at 4:10 AM Bummi <[email protected]> wrote: > > Hi! > > We use Splunk to pull Windows events in, so for us it would be redundant for > us to pull them in with OSSEC tagent as well. We just want to use the OSSEC > agent for FIM. > > How can I go about disabling Windows event forwarding in the shared > agent.conf file? >
I haven't tried it, but I think you'd need to remove any <localfile> entries from the ossec.conf on each agent. > > Thanks, > > -B > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
