illumiN8i
commented
1 year ago I'm running into this too. Large amounts of files are being preserved in the sysmon archive causing disk space issues.
Closed leepfrog-ger closed 1 year ago
illumiN8i
commented
1 year ago I'm running into this too. Large amounts of files are being preserved in the sysmon archive causing disk space issues.
JOGit91
commented
1 year ago Came here to say the same thing. I tracked down commit https://github.com/olafhartong/sysmon-modular/commit/c32fde3de8dcfa7b18abfc0ef7868d6526981431 where this change happened. Not sure if it was intentional or not. Like OP said, there are a couple places that says it is disabled by default. Prior to the commit, no 23 EIDs were captured by the config.
irfaan0999
commented
1 year ago Hello, I have same issue here. Is it possible to make a sysmonconfig.xml that does not save deleted files at all?
olafhartong
commented
1 year ago great point, it snuck in there at some moment, I addressed that now
Thanks for your work on this!
I'm just getting started to take the default configuration, play a bit with it and adjust it to my needs. One thing I noticed is that file deletions are archived, even though from reading the documentation I assumed this would not be the case:
Is this intended and I am missing or misunderstanding something?