Two specific questions
Are the amount of logs cached/tracked configurable? (Specifically for linux agents) when the agent cannot reach the ossec-server (yes I read the discussion from 2010, looking for updated thoughts here) How, specifically, does the agent handle being down/restarted? For instance, ossec-agent is reading /var/log/syslog , we restart ossec-agent, where does the agent pick up in the /var/log/syslog file and HOW does it know where to pick up? Asking for 2.8.3 and forward please All the best -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.