I'm using OSSEC Server Virtual Appliance 2.8.2 and last night I configured a few domain controllers to send it their logs. When I came in today, the WUI is displaying an error of: "Warning: fopen(/var/ossec/logs/alerts/alerts.log): failed to open stream: Value too large for defined data type in /opt/lampp/htdocs/ossec-wui/lib/os_lib_alerts.php on line 839"
My alerts.log file is 3.5G. If I delete it and restart ossec services, the file is recreated at 3.5G. Is this an issue with file size? If so, can I up the log rotation to more than just once a day? And how would I flush whatever buffer keeps recreating the 3.5G alerts.log file so I can get back to reviewing logs? Similar, but unanswered message from 2013: https://groups.google.com/forum/#!msg/ossec-list/topCxSvvmBk/5t4YEfPTTYUJ Thanks. Dan -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.