On Tue, Nov 27, 2018 at 6:04 AM <pkrawa...@gmail.com> wrote: > > Hello, > > i am using alienvault ossec for windows machines. > There is a very big ossec.log file on the agents after a while. Is there a > possibility to enable logging to local ossec.log file just for debugging > purposes and disable it in the meantime? > I don't think that the ossec.log is needed for Intrusion detection itself, > right? > It is possible to delete the ossec.log while the Agent is running, but there > will be a new one after restarting. > > Maybe this is a strange question, but it would be nice if someone could help > me. > Thanks in advance! :-) > > Best Regards > > Peter >
I think you'd have to modify merror() or _log() in src/shared/debug_op.c to know whether it should write to the file or not. > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
