I acknowledge that I should probably have a custom ignore rule for BESClient and probably my own decoder to handle the audisp-graylog JSON format.
Ughhh :-( Beyond that I'm bouncing this off the wall for comments.

On Friday, June 22, 2018 at 5:19:18 PM UTC-7, Mark M wrote:
> Since going to CentOS 7, and installing BigFix on all systems I get a LOT
> of syslog rule 1003 (file too large) messages.