Does /var/ossec/logs/alerts/2010/Nov exist? I think /var/ossec/archives only store the <logall> archives, not the alert archives (but I can't double check at the moment).
On Mon, Nov 29, 2010 at 4:20 PM, Chris <[email protected]> wrote: > I am a newbie to OSSEC. I am seeing daily gzipped files in /var/ossec/ > logs/archives/{Month}, but the gzipped files have no content - it > doesn't seem to be gzipping the actual files from /var/ossec/logs/ > alerts/alerts.log. > > Is there some place this needs to be configured? > > Thanks
