The archives is only used if you need <logall> on OSSEC. Otherwise only the /alerts directory is used.
thanks, On Mon, Nov 29, 2010 at 5:20 PM, Chris <[email protected]> wrote: > I am a newbie to OSSEC. I am seeing daily gzipped files in /var/ossec/ > logs/archives/{Month}, but the gzipped files have no content - it > doesn't seem to be gzipping the actual files from /var/ossec/logs/ > alerts/alerts.log. > > Is there some place this needs to be configured? > > Thanks
