The log file active-response.log was getting way too big; therefore, I was looking around for a way to get it to rotate like the rest of the files. I found that I could send this information to Maillog or Messages and I thought that was a good idea.
First, I no longer think it is a good idea; I should just add active-response.log to Linux log rotation. Second, it did not work, so I am not getting any logging of active-response activity. Third, I did this when I was tired and for the life of me I cannot figure out where I made this change. I have looked through ossec.conf. I have even reloaded (not upgraded) ossec to remove my mistake. If anyone knows what I am talking about, please point me in the right direction. If you have some questions that would help lead us in the right direction, then let me know.

Thanks,
Steve
