Is it true that the windows security, system and application logfile can not be excluded by the OneAgent configuration?
Solved! Go to Solution.
You want to have access to process logs and not host logs, which means turning off logging at the host level is not acceptable? Because I think there is no option to just turn off host level logs. Maybe someone else knows of a hidden flag.
Thanks for the reply, the use case was based on a request to turn off the access to the security log, But answer will be the same (-;
Hi, is there a way to get this done for security logs!
Good news. It appears they added some new support that will let you do this:
--set-system-logs-access-enabled=false disables access to logs
--set-system-logs-access-enabled=true enables access to logs
Hope this helps!
I do find this statement confusing however: "OneAgent doesn't currently download any Windows system logs, but this can change in future releases." Based on this statement, I would say test it out and see if it works for you or not!
Arg. I should have read more carefully before posting:
"Note that this is a self-diagnostics setting"
The mentioned setting affects only if system logs are included in the support archive created for an agent. It doesn't affect log monitoring functionality. In log monitoring you can disable the mentioned logs from uploaded in UI in the log sources configuration, but to my knowledge, it is not possible for on-demand access.
An update - there is a troubleshooting possibility to turn off the security log, but unfortunately you need to contact support to do that.