A couple feature requests #90
Assignees
Labels
enhancement
thats a planned enhancement
Comments
devnulli
added
question
ad Part 2: changed the comment in the config.xml so that it now states:
|
ad Part 1:that will be implemented, as it is also how fail2ban does it (iirc) |
devnulli
added
enhancement
|
reopened for part 1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Part 1
Feature request: Global config file settings for:
Then for each type of event (RDP, SSH, FTP etc...) the same four XML elements can be present, and global settings used if they are empty.
Part 2
Also, how does the EvlWatcher Windows service work? Does it pull all Windows Security events within EventAge every time it polls the Windows Security Event Log? Or does it only do that when the service starts, and after that it only pulls events that have been created since the last polling, aggregating across multiple pollings, and dropping events if they are older than EventAge? I ask because if someone set EventAge to 10 hours expecting it to do the latter, they would probably use a different value like 10 minutes if they knew it did the former. I recommend explaining clearly how the service works in the config file.
The text was updated successfully, but these errors were encountered: