1. In the UI, go to Settings > ASL Configuration > Host Intrusion Detection System > Enable Full Log retention (HIDS_ARCHIVE_ALL).
   Setting description: "By default ASL only retains Alert logs, enabling this will archive all logs. Please note this can use considerable disk space. [Default: no]"
   Set that to yes and save.
2. This creates a log file at /var/ossec/logs/archives.log.
3. After it has run for about 45 min to 1 hr, set that setting back to "no".
4. Copy that log file into Notepad++ and filter out all logs for the agentless device.
5. Save that file and send it to us.
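
Step 4 can also be done on the server before copying anything, which avoids moving the full archive around. The script below is an added example, not part of ASL. It assumes step 4 means keeping only the lines for the agentless device and that the device's IP or hostname appears in each of its lines. The function names, addresses and sample log lines are constructed.

```bash
#!/usr/bin/env bash
# Added example, not ASL's own tooling. Log lines and addresses are constructed.

ARCHIVE_DEFAULT=/var/ossec/logs/archives.log   # path from step 2

# extract_device_logs DEVICE [ARCHIVE] [OUTFILE]
# Copies every archive line mentioning DEVICE (hostname or IP) to OUTFILE,
# prints the number of lines kept, returns non-zero if none matched.
extract_device_logs() {
    local device="$1" archive="${2:-$ARCHIVE_DEFAULT}" out="${3:-device-archives.log}"
    local rc=0 n
    [ -n "$device" ] || { echo "usage: extract_device_logs DEVICE [ARCHIVE] [OUTFILE]" >&2; return 2; }
    [ -r "$archive" ] || { echo "cannot read $archive" >&2; return 2; }
    # -F: dots in an IP are literal, not regex wildcards.
    # -w: whole-token match, so 192.0.2.5 does not also pull in 192.0.2.50.
    grep -F -w -- "$device" "$archive" > "$out" || rc=$?
    n=$(wc -l < "$out" | tr -d ' ')
    echo "$n"
    [ "$rc" -eq 0 ]
}

# write_sample_archive FILE: constructed lines in a simplified
# "timestamp location message" layout, for trying the function offline.
write_sample_archive() {
    cat > "$1" <<'EOF'
2024 Jan 10 09:15:01 asl-server->/var/log/secure Jan 10 09:15:01 asl-server sshd[811]: Accepted publickey for admin
2024 Jan 10 09:15:02 fw01->192.0.2.5 Jan 10 09:15:02 fw01 kernel: DROP IN=eth0 SRC=198.51.100.7
2024 Jan 10 09:15:03 sw02->192.0.2.50 Jan 10 09:15:03 sw02 link: port 12 up
2024 Jan 10 09:15:09 fw01->192.0.2.5 Jan 10 09:15:09 fw01 sshd[90]: Failed password for root
EOF
}

# Demo on the constructed sample; on the server, pass the real device
# address and omit ARCHIVE to read /var/ossec/logs/archives.log.
demo_dir=$(mktemp -d)
write_sample_archive "$demo_dir/archives.log"
extract_device_logs 192.0.2.5 "$demo_dir/archives.log" "$demo_dir/device.log"
rm -rf "$demo_dir"
```

A count of 0 usually means the identifier does not match how the device shows up in the archive; check a few raw lines for the name or address it is logged under.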