Fail to delete duplicate with pm_norepeat
Hello,
I'm trying to avoid having duplicate logs send to my OSSIM server. I tried using the pm_norepeat module but to no avail. Here the line I added in nxlog.conf file :
<Processor sans_doublons> Module pm_norepeat </Processor>
<Route route_windows_logs> Path in_windows_events => sans_doublons => out_alienvault_csv </Route>
I also tried adding "CheckFields raw_event" in the processor, but I still get duplicate logs. Does anyone know what could be the problem ?
Thanks
Does anyone know what could be the problem ?
The records is not identical or there are other records between but it is hard to tell without actually looking at it.