Hi Dan, The rotation of the OSSEC logs happen at the end of each day (as soon as the day changes). It will generate the checksum of the log and gzip it (alerts.log is just a link to the current day log at /var/ossec/logs/alerts/Year/Month/day ).
Your tool just needs to check when the inode of the alerts.log changes and re open it... Hope it helps. -- Daniel B. Cid dcid ( at ) ossec.net On 9/19/07, Dan <[EMAIL PROTECTED]> wrote: > > Hi list > > How is the logrotation of ossec build? > I use an external tool to check the alerts.log, and with the > logrotation it could happen, that i loose events. > Is there any chance to configure the timing by myself or to start the > rotation by myself? > > Regards, > Dan > > >
