Truncating the tables would empty it without needing to recreate it.
-Original Message-
From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com]
On Behalf Of dan (ddp)
Sent: Thursday, January 13, 2011 2:10 PM
To: ossec-list@googlegroups.com
Subject: Re: [ossec-list] How to Pu
On Thu, Jan 13, 2011 at 10:28 AM, Devendra Agrawal
wrote:
> Hi,
>
> How can i urge the Ossec mysql Database?
Without digging into the sql, you can drop the database and recreate it.
On Thu, Jan 13, 2011 at 11:21 AM, Dave S wrote:
> I've used Splunk, and it's a great event analyzer but it's a *very*
> heavy client; even the "light" installation. So it's not something I'd
> want to install on every average desktop in my enterprise.
> That's why I appreciated ossec because the c
On Thu, Jan 13, 2011 at 4:37 AM, carlopmart wrote:
> On 01/12/2011 06:44 PM, Daniel Cid wrote:
>>
>> Yes, and it has worked well for me.
>>
>> One caveat is that the rids (message ids) will have to be
>> exchanged/synced between each manager in the
>> HA. A simple solution is to disable the id che
I've used Splunk, and it's a great event analyzer but it's a *very*
heavy client; even the "light" installation. So it's not something I'd
want to install on every average desktop in my enterprise.
That's why I appreciated ossec because the client and protocol are
very small, so the system scales w
Hi,
How can i urge the Ossec mysql Database?
DRBD is a little tricky to set up but once you do , it is rock solid.
http://www.drbd.org/
On 01/13/2011 04:37 AM, carlopmart wrote:
On 01/12/2011 06:44 PM, Daniel Cid wrote:
Yes, and it has worked well for me.
One caveat is that the rids (message ids) will have to be
exchanged/synced between
On 01/12/2011 06:44 PM, Daniel Cid wrote:
Yes, and it has worked well for me.
One caveat is that the rids (message ids) will have to be
exchanged/synced between each manager in the
HA. A simple solution is to disable the id check, so it should just
work without any sync...
A good setup is like