fw1-loggrabber icon indicating copy to clipboard operation
fw1-loggrabber copied to clipboard

Published 20 hours ago verified publisher icon certego

Ignore Fields

Open jamesspi opened this issue 7 years ago • 1 comments

Hi,

Could you just confirm - does the "IGNORE_FIELDS" setting take effect before the logs are collected, or once they are written to the log file locally?

If I understood the code correctly, they are filtered out when the opsec connection is initiated, and just aren't sent back to the collecting device - correct?

Thanks, James

jamesspi avatar Sep 11 '17 11:09 jamesspi

This part of the code was written by the FW1-LogGrabber v1 original authors.

To me, it looks like the filtering is done on the processing side, once the log files are written locally.

adepasquale avatar Sep 12 '17 08:09 adepasquale