Fail to delete duplicate with pm_norepeat


#1 CharlesCharles

Hello,

I'm trying to avoid having duplicate logs send to my OSSIM server. I tried using the pm_norepeat module but to no avail. Here the line I added in nxlog.conf file :

<Processor sans_doublons> Module pm_norepeat </Processor>

<Route route_windows_logs> Path in_windows_events => sans_doublons => out_alienvault_csv </Route>

I also tried adding "CheckFields raw_event" in the processor, but I still get duplicate logs. Does anyone know what could be the problem ?

Thanks

#2 b0ti Nxlog ✓
#1 CharlesCharles
Hello, I'm trying to avoid having duplicate logs send to my OSSIM server. I tried using the pm_norepeat module but to no avail. Here the line I added in nxlog.conf file : <Processor sans_doublons> Module pm_norepeat </Processor> <Route route_windows_logs> Path in_windows_events => sans_doublons => out_alienvault_csv </Route> I also tried adding "CheckFields raw_event" in the processor, but I still get duplicate logs. Does anyone know what could be the problem ? Thanks

Does anyone know what could be the problem ?

The records is not identical or there are other records between but it is hard to tell without actually looking at it.