Ignore Fields
Opened this issue · 1 comments
jamesspi commented
Hi,
Could you just confirm - does the "IGNORE_FIELDS" setting take effect before the logs are collected, or once they are written to the log file locally?
If I understood the code correctly, they are filtered out when the opsec connection is initiated, and just aren't sent back to the collecting device - correct?
Thanks,
James
adepasquale commented
This part of the code was written by the FW1-LogGrabber v1 original authors.
To me, it looks like the filtering is done on the processing side, once the log files are written locally.