Afaik ossec-monitord rotates and compresses the logs (archives.log, alerts.log, ossec.log) every day (exactly at midnight). There are some monitord options at /var/ossec/etc/internal_options.conf
No option to delete those logs automatically though. A cron task would be my way to go.

On Mon, Nov 9, 2015 at 8:40 AM, Patrick Tobin <patrick.to...@syniverse.com> wrote:
> I use logrotate to rotate the OSSEC log on the server. Below is my config
> in /etc/logrotate.conf.
>
> /var/ossec/logs/ossec.log {
>     daily
>     copytruncate
>     create 660 ossec ossec
>     rotate 10
> }
>
> Thanks,
> Patrick
> ------------------------------
> *From:* ossec-list@googlegroups.com [ossec-list@googlegroups.com] on
> behalf of dan (ddp) [ddp...@gmail.com]
> *Sent:* Friday, November 06, 2015 8:31 AM
> *To:* ossec-list@googlegroups.com
> *Subject:* Re: [ossec-list] Ossec logrotate
>
> On Nov 6, 2015 8:25 AM, "Kévin Printz" <printz.ke...@gmail.com> wrote:
> >
> > Hello,
> >
> > I tried to find some documentation on OSSEC log rotation, but I didn't find
> > any answer. I saw that OSSEC rotates some of its own logs, such as alerts,
> > archive and firewall. The rotations are made every day into compressed files
> > in a subfolder.
> > But what I understand is that the rotated files are always kept, and
> > never deleted, right? Is there no way to tell OSSEC to delete those files
> > every month, for example (if I want to keep one month of logs)? Or to not
> > rotate the files at all, so I can use logrotate directly on them?
> >
>
> Writing a crontab entry to prune old log files shouldn't be too hard. I
> don't know how ossec handles logrotate though.
>
> > And then, the ossec.log file seems not to be rotated. Can I do a log
> > rotate on it (with logrotate, for instance) without having to restart
> > ossec-hids? Or if I rotate this file, do I have to restart ossec?
> > I tried to find answers on the ossec-list group, but I didn't find
> > anything relevant on it.
> >
> > Thanks a lot,
> > Regards,
> > Kevin.
--
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
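
The cron-driven pruning suggested in this thread, as an added example that is not code from any of the posters or from the OSSEC project: a shell function that removes rotated logs older than a retention window while leaving the live log files alone. The function name, the cron path, the `alerts`/`archives`/`firewall` subfolder names with rotated files at least two levels below them, and the `.gz`/`.sum` suffixes are assumptions to check against your own installation.

```shell
#!/bin/sh
# Added example: prune rotated OSSEC logs past a retention window.
# Assumptions (verify locally): rotated files live at least two directory
# levels below LOGDIR/{alerts,archives,firewall} and end in .gz or .sum;
# the live logs sit directly in those subfolders and are never matched.
#
# Hypothetical cron entry, run after the midnight rotation:
#   30 0 * * * root /usr/local/sbin/ossec-prune.sh
# where that script sources this function and calls:
#   prune_ossec_logs /var/ossec/logs 30 delete

# prune_ossec_logs LOGDIR DAYS [MODE]
#   MODE=delete removes matching files; any other value only lists them.
prune_ossec_logs() {
    logdir=$1
    days=$2
    mode=${3:-dry-run}

    # Reject empty, non-numeric or zero retention so a typo cannot wipe
    # every rotated log on the box.
    case $days in
        ''|*[!0-9]*|0)
            echo "retention must be a positive number of days" >&2
            return 2 ;;
    esac
    [ -d "$logdir" ] || { echo "not a directory: $logdir" >&2; return 2; }

    for sub in alerts archives firewall; do
        [ -d "$logdir/$sub" ] || continue
        if [ "$mode" = delete ]; then
            # -mindepth 2 skips the live log in the subfolder itself;
            # -type f means symlinks are neither followed nor removed.
            find "$logdir/$sub" -mindepth 2 -type f -mtime +"$days" \
                \( -name '*.gz' -o -name '*.sum' \) \
                -print -exec rm -f -- {} +
        else
            find "$logdir/$sub" -mindepth 2 -type f -mtime +"$days" \
                \( -name '*.gz' -o -name '*.sum' \) -print
        fi
    done
}
```

Run it without `delete` first and review the listed paths; retention for alert and archive logs is often fixed by audit or incident-response requirements, so confirm the window before enabling deletion.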