Re: [ossec-list] Parent decoder's fields are not parsed when child decoder is present

2016-08-19 Thread Jesus Linares
Nice, I will try it. Thanks Michael.

On Thursday, August 18, 2016 at 10:55:12 PM UTC+2, Michael P. wrote:
> It's a patch to bash that enables a syslog history feature. I don't know how much is built-in to bash and how much is custom (I just look at the outputs), but the following gist di

Re: [ossec-list] Does syslog log-format support rule types?

2016-08-19 Thread Jesus Linares
Hi, there is no "agentID" tag for rules. It seems that in your case, the *hostname* is the same as the *agent name*, so it could work. But remember that some events have the *hostname* field empty. Usually, it is better to use the field *srcip* to ignore rules, because it is unique and it is mor

Re: [ossec-list] Does syslog log-format support rule types?

2016-08-19 Thread dan (ddp)
On Fri, Aug 19, 2016 at 5:17 AM, Jesus Linares wrote:
> Hi,
>
> there is no "agentID" tag for rules. It seems that in your case, the hostname is the same that the agent name, so it could work. But, remember that some events have the hostname field empty.
>
> Usually, it is better to use the fi

[ossec-list] Re: Decoding long messages - multiple regex statements

2016-08-19 Thread Fredrik
Thanks again Jesus! I will definitely share what I come up with and thanks for all your suggestions and bearing with me through this (long) thread :)

Fredrik

On Thursday, August 18, 2016 at 12:17:20 PM UTC+2, Jesus Linares wrote:
> Hi Fredrik,
>
> Long time no see! It is a hot summer here an

[ossec-list] Windows Eventlogs

2016-08-19 Thread Kumar G
Hi Team, Need your help on this. We have a couple of Windows Active Directory machines on which we need to enable the event logs for Application/System/Security. There are more than a million events which are expected from these eventlogs. Was looking in old posts and could see utilizing t