Thank you. That was exactly the link I was looking for. Since /var/ossec/stats is not configurable, is there any other way I can measure the volume of eps that ossec (log-collector and analysisd) handle for a test run?
For e.g. if I have OSSEC monitor a log file for an hour, is there any way I can generate a report showing how many EPS were processed? On Tue, Sep 21, 2010 at 6:14 PM, dan (ddp) <[email protected]> wrote: > The following link outlines the various options: > http://www.ossec.net/main/manual/configuration-options/ > > If the stats you're looking to have updated at the ones in > /var/ossec/stats, there aren't really any configuration options for > those. > >
