Changing Sysmon output log path?

[nicolaipre]

I have been trying to figure out how I can change the output log path of SysmonForLinux, but have not found any options for it.

Is this something that is possible at all? We want to be able to ship our Linux syslogs to a separate place than where Sysmon logs will be going, and being able to change the log file path would therefore be ideal.

[nicolaipre]

Figured out I could do this with rsyslog instead by adding the following entry to /etc/rsyslog.d/sysmon.conf

:app-name, contains, "sysmon", "/var/log/sysmon/sysmon.log"

Leaving the issue open incase there is a different way to do this.

[MarioHewardt]

Hi - thanks for the feedback and the workaround that you discovered! Today we don't have that capability, but it is in our future roadmap.