morning, I have a question and problem, I made a q...
# generalh
Hello_There
04/07/2021, 2:45 PMmorning, I have a question and problem, I made a query to bring powershell events through the powershell_events table:
I created a pack with this query
select * from powershell events
But when I did it started to get a flood of events and the traffic went up from 150MB to 1GB I realized after 5 min later ....
When I realized I stopped the pack, even excludes it but still this event keeps coming
is there anything to be done so that the hosts stop sending or just wait to normalize?
This pack was run for 2500 hosts
✅ 1
z
zwass
04/07/2021, 3:27 PM
Potentially you could set
--buffered_log_max✅ 1
h
Hello_There
04/07/2021, 4:55 PM@zwass Nice!
I'll try this right now
Hello_There
04/07/2021, 5:17 PM@zwass
it worked perfectly, the buffer was cleared and the traffic practically zeroed, I will wait a few hours and return to the default values.
z
zwass
04/07/2021, 5:17 PM
Nice!
4 Views