Monitor sysmon logs¶

<localfile>
  <location>Microsoft-Windows-Sysmon/Operational</location>
  <log_format>eventchannel</log_format>
</localfile>

notes

Navigation

arm
databases
DNS stuff
elastic stuff
kubernetes
OpenSSH
Operating Systems
OSSEC
rsyslogd
ssl
Stupid Unix Tricks
Tools
Vendor Stuff
misc

Related Topics

Documentation overview
- OSSEC
  - Previous: Required packages:
  - Next: mariadb

Quick search

This information has a good chance of being wrong, inconsistent, out of date, or just bad. Use at your own risk. Feel free to notify me of any issues though.