On Wed, Jul 25, 2018 at 5:04 AM, Stephen <[email protected]> wrote:
> Hi guys,
> Here is my scenario. I've got an agent running on a device which goes
> offline occasionally. While the system is offline I would like to cache the
> logs locally and push it to the manager once I get back online. I tried to
> simulate the connection outage then modify a file....once I get online the
> manager didn't report the file integrity change. Any suggestions?
> Thanks
> Steve
>

It's not great at that. You could stop the ossec processes when the system goes off line. Or you could run a local install on the flaky system. Then client syslog the logs to a local rsyslog process. Then forward the logs via tcp to the server using rsyslog.

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
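
The rsyslog half of the suggestion above, as an added example that is not part of the original thread: a disk-assisted queue on the TCP forwarder is what holds the logs while the link is down. Assumptions: the local OSSEC install's client-syslog output is pointed at 127.0.0.1 UDP port 514, `manager.example.org` is a placeholder for the central server, and the ruleset name, spool directory and queue size are illustrative.

```conf
# /etc/rsyslog.d/ossec-forward.conf (file name is an assumption)

# Queue spool files are written under this directory.
global(workDirectory="/var/spool/rsyslog")

# Receive what the local OSSEC client-syslog process sends.
# Bound to loopback only so nothing off-host can inject messages.
module(load="imudp")
input(type="imudp" address="127.0.0.1" port="514" ruleset="ossec_fwd")

ruleset(name="ossec_fwd") {
    action(
        type="omfwd"
        target="manager.example.org"    # placeholder: central log server
        port="514"
        protocol="tcp"

        # In-memory queue that spills to disk when the target is unreachable.
        queue.type="LinkedList"
        queue.filename="ossec_fwd_q"    # setting a file name enables disk assistance
        queue.maxDiskSpace="1g"         # cap on spooled data; size to the longest expected outage
        queue.saveOnShutdown="on"       # keep queued messages across a restart

        # Retry forever instead of discarding after a failed connect.
        action.resumeRetryCount="-1"
    )
}
```

Messages that arrive after `queue.maxDiskSpace` is reached are not queued, so an outage longer than the spool can hold still loses logs.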
