On 28/09/2010 15:16, George Ochola wrote:
> Hi all
>
> How do I configure OSSEC to send an alert when a Unix file system is maybe
> 80% full, as opposed to the alert sent when the file system is full?
>
> I need to clear the file system before it reaches the 100% mark.
>
>
> Kind Regards
>
> George O.
>
>
>
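Hello, not sure this can be achieved using OSSEC. You could use a
cronjob with a script like:

#!/bin/sh
# Append a line to /var/log/diskcheck when usage of $PART exceeds $MAX percent.
PART="sda2"
MAX=80
# df -P keeps each filesystem on a single line; column 5 is the Use% figure.
USED=`df -P | grep "$PART" | awk '{print $5}' | sed "s/%//"`
if [ "$USED" -gt "$MAX" ]; then
    echo "Filesystem occupation on $PART > than $MAX" >> /var/log/diskcheck
fi
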
And create a rule to handle such an alert.
Hope it helps.
William
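
One way to wire the script's log line into OSSEC, as an added example that is not part of William's message: the first fragment makes the agent read /var/log/diskcheck, the second raises an alert on the line the script writes. The rule id 100010, the level 7 and the group name are assumptions chosen for illustration; adjust them to your local rule range and e-mail alert level.

```xml
<!-- ossec.conf on the monitored host, inside <ossec_config>:
     have logcollector follow the file written by the cron script. -->
<localfile>
  <log_format>syslog</log_format>
  <location>/var/log/diskcheck</location>
</localfile>

<!-- local_rules.xml on the OSSEC server.
     The id (100010), level (7) and group name are assumed values. -->
<group name="local,diskcheck,">
  <rule id="100010" level="7">
    <!-- Matches the fixed prefix of the line echoed by the script. -->
    <match>Filesystem occupation on</match>
    <description>Disk usage above the threshold set in the diskcheck script.</description>
  </rule>
</group>
```

Restart OSSEC after both changes so the new log source and rule are loaded.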