On 12/17/2010 04:32 PM, dan (ddp) wrote:
On Fri, Dec 17, 2010 at 4:52 AM, carlopmart<[email protected]> wrote:Hi all,I have installed two ossec servers to provide HA for several agents. Using a software load balancer, this scenario works as I expected. But I have a problem with six servers (all linux based) that resides on the same OSSEC servers subnet. I can't use a load balancer in this subnet. Then, a) Is it possible to configure at some place on the host agent side how long logs should be kept locally??No. Well nothing in OSSEC. The system logs will last as long as the system is configured to store them.
Uhmmm ... I have do it a test. I have stopped ossec server. Then, I launch ssh session to a server with an ossec agent installed. I have put a wrong password. After, 5 min I started ossec server and ossec agent doesn't forward this alarm ... Are you sure that if ossec server is stopped, ossec agent stores logs and alarms until ossec server returns??
--
CL Martinez
carlopmart {at} gmail {d0t} com
