To prevent this problem, I recompiled with libmagic support, which is outlined in the syscheckd documentation. The only issue I've run into using libmagic is I erroneously was monitoring a Tomcat temporary directory, and the resulting copies of millions of files caused me to run out of inodes.
I've recompiled RH packages and provided them: https://www.bsdftw.org/ossec/ If you're running Ubuntu 14.04 and attempt to recompile, check out https://groups.google.com/forum/#!searchin/ossec-list/ubuntu/ossec-list/ivqXj3zTheg/f50l9TbBA-kJ Regards, James On Wednesday, August 19, 2015 at 10:51:26 AM UTC-4, Jamey B wrote: > > I'm making a CRON job to remove anything in the queue folder, would this > be a good CRON job if I wanted the directory cleared if the items are over > 5 days old and I want it ran once a day at 10PM? The last time I took my > OSSEC server down, the agent disk space started getting too big in > /var/ossec/queue/diff/local after a few weeks. Would any other directories > do the same thing, or is this the only directory that gets queue data? > > 0 22 * * * /usr/bin/find /var/ossec/queue/diff/local/* -mtime +5 -exec rm > {} \; > > > I don't want the OSSEC agent to take up a lot of disk space, what else > could I do? > > > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
