Actually, I noticed this is just a symptom of the real issue. The real issue seems to be that agent.conf doesn't get acknowledged after recompiling ossec-logcollector.
Has anybody come across this? What can be done to remedy this behavior? On Aug 5, 4:54 pm, jplee3 <[email protected]> wrote: > Hi all, > > So we ran into an issue with "Large message size" warnings filling up > the ossec.log file and causing the file to grow out of control and use > up disk space. I went ahead and commented out the lines in > read_syslog.c and read_multiline.c to prevent this from happening in > the future, but then noticed after starting OSSEC back up, that the > full commands weren't running. > > I made sure to backup the original ossec-logcollector, and when I > restored it and restarted OSSEC, the full commands showed up as > running in the ossec.log > > At first I thought it was the changes I made with commenting out the > "Large message size" lines, so I deleted the dir, untarred to a fresh > folder, and compiled straight away. Copied the ossec-logcollector > over, restarted OSSEC, and no go with full command. > > Is there something I'm missing when compiling in src/logcollector? I > noticed that read_fullcommand.c does exist in this directory.
