Yes, this is easy to do. The alert log is stored in /var/ossec/logs/alerts/ossec.log and then rolled daily into /var/ossec/logs/alerts/$YEAR/$MONTH/ossec-alerts-$DAY.log.gz
cheers, cnk

On Tue, Jun 9, 2009 at 3:07 AM, <[email protected]> wrote:
> Hello
>
> first of all I have to admit that I did not yet use OSSEC :-(
> Nevertheless I do have a question:
>
> 1. Is it possible to remove old alerts selectively (e.g. all from 2007)?
>
> Thank you very much!
>
> John
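
A cautious way to act on the directory layout described in the reply, as an added example that is not part of the original thread. The function name `prune_alerts` and its arguments are hypothetical, and the alerts root is passed in rather than hard-coded; it lists one year's rolled archives and deletes them only when asked.

```shell
#!/bin/sh
# Added example: prune rolled OSSEC alert archives for a single year.
# Layout assumed from the reply: ROOT/$YEAR/$MONTH/ossec-alerts-$DAY.log.gz

# prune_alerts ROOT YEAR [delete]
# Prints every matching archive; removes them only if the third argument is "delete".
prune_alerts() {
    root=$1; year=$2; mode=${3:-dry-run}

    # Accept only a four-digit year so the argument cannot point outside ROOT
    case $year in
        [0-9][0-9][0-9][0-9]) ;;
        *) echo "invalid year: $year" >&2; return 2 ;;
    esac

    # Never touch the year that is still being written to
    if [ "$year" -ge "$(date +%Y)" ]; then
        echo "refusing to prune current or future year $year" >&2
        return 3
    fi

    dir=$root/$year
    [ -d "$dir" ] || { echo "no alerts directory for $year" >&2; return 1; }

    # Dry run and delete mode both report what matches
    find "$dir" -type f -name 'ossec-alerts-*.log.gz' -print

    if [ "$mode" = delete ]; then
        find "$dir" -type f -name 'ossec-alerts-*.log.gz' -exec rm -f {} +
        # Drop month/year directories that are now empty; any directory
        # still holding other files is left in place
        find "$dir" -depth -type d -empty -exec rmdir {} \;
    fi
}

# Usage (review the dry-run listing before deleting):
#   prune_alerts /var/ossec/logs/alerts 2007
#   prune_alerts /var/ossec/logs/alerts 2007 delete
```

Run it first without `delete` and keep a copy of the archives elsewhere if the alerts may still be needed for an investigation or retention requirement.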
