whids Does Whids have a separate channel or place to store events and logs?

Does Whids have a separate channel or place to store events and logs?

Open thomasxm opened this issue 2 years ago • 1 comments

Does Whids have a separate channel or place to store events and logs? Like Sysmon is stored under Application and Services/ Windows / Sysmon / Operational. Do we have a place where Whids store all its logs matched its rules?

Aug 03 '23 18:08 thomasxm

Hello @thomasxmeng,

No, it does not send the logs to a dedicated log channel. However, you can find the output of its detections inside WHIDS installation directory C:\Program Files\Whids\. If you didn't change the setting, the logs matching your rules is configured in setting:

  # Forwarder's logging configuration
  [forwarder.logging]

    # Directory used to store logs
    dir = "C:\\Program Files\\Whids\\Logs\\Alerts"

Aug 07 '23 06:08 qjerome

whids whids copied to clipboard

Does Whids have a separate channel or place to store events and logs?

whids
whids copied to clipboard