It removes the entire db for the agent you run it against.
On Tue, Jun 21, 2011 at 11:23 AM, Christopher Moraes <[email protected]> wrote:
> Hi,
>
> I'm reading the man page of syscheck-control
> (http://www.ossec.net/doc/programs/syscheck_control.html) and would like to
> know what exactly is meant by "clearing" the syscheck database.
>
> Does running syscheck-control -u remove the history of file changes, or does
> it also remove the baseline information about files for that system?
>
> E.g. for agent 1, if I do the following
> run syscheck -> get baseline1
> change files
> run syscheck -> get baseline2 (now showing changed files)
> run syscheck-control -u (history is removed)
>
> Does this mean that only baseline2 is removed? or is everything (baseline1 &
> baseline2) removed?
>
> If it is the latter, then if I again change some files on the agent and run
> syscheck again, I should not get any alerts for modified files (since there
> is no baseline on the manager). Is this correct?
>
> Regards,
> Chris
