In Snare agent for windows there's only the possibility to specify a general facility used for all the messages sent by the agent.
In addition to that, it would be great to add the possibility to select a specific facility for each objective rule.
For exemple, when creating a new rule for critical messages coming from the security log, there would be the possibility to select the facility security/auth.
Hi,
Sorry about the delayed reply, I haven't been receiving notifications from this tracker. After discussing your idea with a colleague, we have decided not to implement this feature at this point in time. However, we will leave the request open for a time to see if it gains more support and we may re-evaluate.
Regards, David.
I am interested too in this feature.
This would be a good feature.