AFAIK ossec-monitord rotates and compresses the logs (archives.log,
alerts.log, ossec.log) every day (exactly at midnight). There are some
monitord options in /var/ossec/etc/internal_options.conf.

No option to delete those logs automatically though. A cron task would be
my way to go.



On Mon, Nov 9, 2015 at 8:40 AM, Patrick Tobin <patrick.to...@syniverse.com>
wrote:

> I use logrotate to rotate the OSSEC log on the server. Below is my config
> in /etc/logrotate.conf.
>
>
> /var/ossec/logs/ossec.log {
>     daily
>     copytruncate
>     create 660 ossec ossec
>     rotate 10
> }
>
>
>
> Thanks,
> Patrick
> ------------------------------
> *From:* ossec-list@googlegroups.com [ossec-list@googlegroups.com] on
> behalf of dan (ddp) [ddp...@gmail.com]
> *Sent:* Friday, November 06, 2015 8:31 AM
> *To:* ossec-list@googlegroups.com
> *Subject:* Re: [ossec-list] Ossec logrotate
>
>
> On Nov 6, 2015 8:25 AM, "Kévin Printz" <printz.ke...@gmail.com> wrote:
> >
> > Hello,
> >
> > I tried to find some documentation on OSSEC log rotation, but I didn't
> > find any answer. I saw that OSSEC rotates some of its own logs, such as
> > alerts, archives and firewall. The rotations are made every day into
> > compressed files in a subfolder.
> > But what I understand is that the rotated files are always kept and
> > never deleted, right? There is no way to tell OSSEC to delete those
> > files every month, for example? (If I want to keep one month of logs.)
> > Or to not rotate the files at all, so I can use logrotate directly on
> > them.
> >
>
> Writing a crontab entry to prune old log files shouldn't be too hard. I
> don't know how ossec handles logrotate though.
>
> > And then, the ossec.log file seems not to be rotated. Can I do a log
> > rotation on it (with logrotate, for instance) without having to restart
> > ossec-hids? Or if I rotate this file, do I have to restart ossec?
> > I tried to find answers on the ossec-list group, but I didn't find
> > anything relevant on it.
> >
> > Thanks a lot,
> > Regards,
> > Kevin.
> >
> > --
> >
> > ---
> > You received this message because you are subscribed to the Google
> > Groups "ossec-list" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> > an email to ossec-list+unsubscr...@googlegroups.com.
> > For more options, visit https://groups.google.com/d/optout.
>

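The cron-based pruning suggested in this thread could look like the sketch below. It is an added example, not code posted by anyone on the list. It assumes that rotated files sit in dated subfolders under logs/alerts, logs/archives and logs/firewall and are named ossec-*.log.gz or ossec-*.log.sum, and the script path in the cron comment is hypothetical.

```shell
#!/bin/sh
# Added example: prune rotated OSSEC logs older than a retention window.
# Assumed layout (not stated in the thread): dated subfolders under
# alerts/, archives/ and firewall/ holding ossec-*.log.gz and
# ossec-*.log.sum files.

prune_ossec_logs() {
    base=$1          # e.g. /var/ossec/logs
    keep_days=$2     # files modified more than this many days ago go

    # Refuse an empty or non-numeric retention so a typo cannot match
    # every file.
    case $keep_days in
        ''|*[!0-9]*) echo "keep_days must be a number" >&2; return 2 ;;
    esac
    [ -d "$base" ] || { echo "no such directory: $base" >&2; return 2; }

    for sub in alerts archives firewall; do
        [ -d "$base/$sub" ] || continue
        # -mindepth 2 skips the live alerts.log / archives.log at the top
        # of each directory; only files in dated subfolders can match.
        find "$base/$sub" -mindepth 2 -type f \
            \( -name 'ossec-*.log.gz' -o -name 'ossec-*.log.sum' \) \
            -mtime +"$keep_days" -print -delete
        # Remove month/year directories left empty by the prune.
        find "$base/$sub" -mindepth 1 -type d -empty -delete
    done
}

# When run with two arguments (for example from cron), prune directly:
#   15 1 * * * /usr/local/sbin/ossec-prune.sh /var/ossec/logs 30
if [ "$#" -eq 2 ]; then
    prune_ossec_logs "$1" "$2"
fi
```

Pick the retention window to match how far back alert history is needed for investigations, and copy anything that must be kept longer off the host before the job removes it.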