On Fri, Sep 9, 2016 at 1:11 PM, Stephen LuShing wrote:
> So if you saved log file start to fill up your partition - can you remove
> the old one's manually or does OSSEC needs them. I assume if you need to
> look back - you can use these files - how can this be done
>
You can move them. You might
So if you saved log file start to fill up your partition - can you remove
the old one's manually or does OSSEC needs them. I assume if you need to
look back - you can use these files - how can this be done
Curious
Steve LuShing
On Wed, Sep 7, 2016 at 4:02 AM, Pedro Sanchez wrote:
> You are welc
You are welcome.
Yes, syscheck controls/scans are executed every 22 hours by default,
meaning that syscheck binary will scan each file looking for modifications
(checksum, groups, users, size), it will send back the update files DB and
OSSEC Manager will compare previous version with the new scan
okay, I see. thanks for the explanation.
syscheck is done every 22 hours by default, so that is what I mean by "new
syscheck".
cheers
On 6 September 2016 at 10:22, Pedro Sanchez wrote:
> Hi Daiyue,
>
> I don't really understand what you mean for "new syscheck" is replacing
> previous logs, ple
Hi Daiyue,
I don't really understand what you mean for "new syscheck" is replacing
previous logs, please could you explain this in detail?
Regarding to the rotation of alerts.log, we can't configure the log size,
it is rotating daily no matter how much weights, it will rotate every day.
If you op
Hi, I found that alerts.log is rotating that previous logs were replaced by
new syschecks, so any way to configure ossec to record previous logs, like
increasing log size?
cheers
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscr
