On 20.09.2012 09:03, Ludwig Adam wrote:
> If I may jump in.
> We were wondering the same thing, how ossec accomplishes it - but
> obviously it is currently not implemented - we will set up the
> "shrinking" log file detection.

It's already there, and it's not just for ossec logs. Look at rule ID
592.
[root@hostname ossec]# cat /dev/null > /data/logs/172.16.0.1/172.16.0.1.log
OSSEC HIDS Notification.
2012 Sep 20 09:26:51
Received From: hostname->ossec-logcollector
Rule: 592 fired (level 8) -> "Log file size reduced."
Portion of the log(s):
ossec: File size reduced (inode remained): '/data/logs/172.16.0.1/172.16.0.1.log'.
--END OF NOTIFICATION
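
Added example, not part of the original message and not OSSEC's own code: a sketch of the check the alert text describes, remembering each file's inode and size between polls so that an in-place truncation ("inode remained") is told apart from a normal rotation (new inode). The class name, the result labels and the sample file are assumptions made for the illustration.

```python
import os
import tempfile


class LogSizeWatcher:
    """Hypothetical helper: remembers (inode, size) per path between polls."""

    def __init__(self):
        self._seen = {}  # path -> (inode, size) recorded at the previous poll

    def poll(self, path):
        try:
            st = os.stat(path)
        except FileNotFoundError:
            # A file that was being tracked and is now gone is worth flagging.
            return "missing" if self._seen.pop(path, None) else "absent"
        prev = self._seen.get(path)
        self._seen[path] = (st.st_ino, st.st_size)
        if prev is None:
            return "new"
        prev_ino, prev_size = prev
        if st.st_ino != prev_ino:
            return "rotated"        # different file under the same name
        if st.st_size < prev_size:
            return "size_reduced"   # same inode, fewer bytes: truncated in place
        return "grown" if st.st_size > prev_size else "unchanged"


def demo():
    """Constructed scenario: append, truncate in place, then rotate."""
    results = []
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "sample.log")  # constructed sample file
        watcher = LogSizeWatcher()
        with open(log, "w") as f:
            f.write("line 1\n")
        results.append(watcher.poll(log))
        with open(log, "a") as f:
            f.write("line 2\n")
        results.append(watcher.poll(log))
        open(log, "w").close()  # same effect as `cat /dev/null > file`
        results.append(watcher.poll(log))
        os.rename(log, log + ".1")  # rotation: old inode moves to sample.log.1
        with open(log, "w") as f:
            f.write("fresh\n")
        results.append(watcher.poll(log))
    return results


if __name__ == "__main__":
    print(demo())
```

A size comparison between polls cannot see a file that is truncated and then grows past its previous size before the next poll, so the polling interval bounds what this check can catch.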