It looks like the stats kept in '/var/ossec/stats/totals/' are updated hourly. Not sure how to decode them off-hand though. I'm guessing something like: hour-events-alerts-something?
On Tue, Sep 21, 2010 at 7:07 PM, Christopher Moraes <[email protected]> wrote:
> Thank you. That was exactly the link I was looking for.
> Since /var/ossec/stats is not configurable, is there any other way I can
> measure the volume of eps that ossec (log-collector and analysisd) handle
> for a test run?
> For e.g. if I have OSSEC monitor a log file for an hour, is there any way I
> can generate a report showing how many EPS were processed?
>
> On Tue, Sep 21, 2010 at 6:14 PM, dan (ddp) <[email protected]> wrote:
>>
>> The following link outlines the various options:
>> http://www.ossec.net/main/manual/configuration-options/
>>
>> If the stats you're looking to have updated are the ones in
>> /var/ossec/stats, there aren't really any configuration options for
>> those.
