Is there a way to tell OSSEC to use the timestamp of the actual logfile entry rather than its own "internal timestamp of when it sees the alert"?
This should be a configuration option - *hint hint* Unless there is already a way to do this. thanks K
Is there a way to tell OSSEC to use the timestamp of the actual logfile entry rather than its own "internal timestamp of when it sees the alert"?
This should be a configuration option - *hint hint* Unless there is already a way to do this. thanks K