I don't want to diff on the content of the files. But, the files in the /var/ossec/queue/diff dir took many disk space. Anyone know how to disable the copy of the monitored files to the /var/ ossec/queue/diff dir?
cheers On 11月25日, 下午5時21分, Αλέξανδρος Σδούκος <[email protected]> wrote: > Hello, > > The default as it is, I believe will not give you what changed inside the > files .The diff is performed on the hash value , so there shouldn't be > anything you need to change . > > If you want diff on the content of the file you need to specify it extra . > > Cheers > > > > > > > > On Fri, Nov 25, 2011 at 9:22 AM, Macus <[email protected]> wrote: > > I am using OSSEC 2.6 on Centos 5. I have a OSSEC server managing 6 > > servers with OSSEC agaent. > > I have added a dir to the syscheck for the file integrity check like > > below. > > > <directories check_all="yes">/users/home/john/app</directories> > > > I saw the ossec made a copy of the files inside the dir /users/home/ > > john/app in the /var/ossec/queue/diff. I think this is used for the > > diff check and showing the difference for text files. If I don't need > > the diff check function and don't want the ossec to tell me what have > > changed in the text file, how can I disable the files copy? > > Thanks
