Not that I'm aware of, beyond grepping the logfile for events during the time you want and counting that. If you turn on the logall option, you could compare that number to the number of events in the archive logfile.

On Tue, Sep 21, 2010 at 7:07 PM, Christopher Moraes <[email protected]> wrote:
> Thank you. That was exactly the link I was looking for.
> Since /var/ossec/stats is not configurable, is there any other way I can
> measure the volume of eps that ossec (log-collector and analysisd) handle
> for a test run?
> For e.g. if I have OSSEC monitor a log file for an hour, is there any way I
> can generate a report showing how many EPS were processed?
>
> On Tue, Sep 21, 2010 at 6:14 PM, dan (ddp) <[email protected]> wrote:
>>
>> The following link outlines the various options:
>> http://www.ossec.net/main/manual/configuration-options/
>>
>> If the stats you're looking to have updated are the ones in
>> /var/ossec/stats, there aren't really any configuration options for
>> those.
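
The counting approach suggested in the reply above, as an added example that is not part of the original thread or of OSSEC itself. It assumes logall is enabled and that each archive line begins with a `YYYY Mon DD HH:MM:SS` timestamp; the function names, the host name and the sample lines are constructed for illustration, and the window must fall within a single day.

```shell
#!/bin/sh
# Added example: events per second from an OSSEC archive log over a test window.
# Assumption: every event line starts with "YYYY Mon DD HH:MM:SS host->location ...".

# ossec_eps FILE "YYYY Mon DD" START END   (START inclusive, END exclusive, HH:MM:SS)
# Prints "<events> <window_seconds> <eps>".
ossec_eps() {
    awk -v day="$2" -v start="$3" -v end="$4" '
        # Convert HH:MM:SS to seconds since midnight
        function secs(t,   p) { split(t, p, ":"); return p[1]*3600 + p[2]*60 + p[3] }
        BEGIN { s = secs(start); e = secs(end); n = 0 }
        # Count only lines with a well-formed timestamp on the requested day,
        # so continuation lines and blank lines are not mistaken for events
        $4 ~ /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]$/ && ($1 " " $2 " " $3) == day {
            t = secs($4)
            if (t >= s && t < e) n++
        }
        END {
            w = e - s
            if (w <= 0) { print "window must be positive" > "/dev/stderr"; exit 2 }
            printf "%d %d %.3f\n", n, w, n / w
        }
    ' "$1"
}

# Constructed sample lines in the assumed archive format (not real log data)
sample_archive() {
    cat <<'EOF'
2010 Sep 21 18:59:59 testhost->/var/log/messages Sep 21 18:59:59 testhost app: before window
2010 Sep 21 19:00:00 testhost->/var/log/messages Sep 21 19:00:00 testhost app: event 1
2010 Sep 21 19:00:01 testhost->/var/log/messages Sep 21 19:00:01 testhost app: event 2
2010 Sep 21 19:00:01 testhost->/var/log/messages Sep 21 19:00:01 testhost app: event 3
2010 Sep 21 19:00:09 testhost->/var/log/messages Sep 21 19:00:09 testhost app: event 4
2010 Sep 21 19:00:10 testhost->/var/log/messages Sep 21 19:00:10 testhost app: after window
2010 Sep 22 19:00:05 testhost->/var/log/messages Sep 22 19:00:05 testhost app: other day
EOF
}

# Usage against a real test run (the path is whatever archive logfile logall writes):
#   ossec_eps /path/to/archives.log "2010 Sep 21" 19:00:00 20:00:00
```

Running the same count over the alert log for the same window gives the second number for the comparison mentioned in the reply.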
