On Fri, Jan 27, 2012 at 12:15 PM, Bruno Cacheira <[email protected]> wrote: > Good day to all > > > > I'm wondering if you could shed some light on a small issue I have... I want > to delete older logs (say, last year's) but I will lose chained checksums, > correct? Can this be avoided? According to > http://www.ossec.net/wiki/index.php/Know_How:LogSign, I’d have to > recalculate, if possible (and in doing so, lose forensic validity, I’d > imagine). >
If I understand it all correctly, you'd only really lose 1 md5. No biggie. > > > I know I can just stop ossec and delete everything, but that's not what I > want. Also, can this be automated, other than in a shell script, I mean? > Some ossec config option, for instance. I’ve read the documentation and > found nothing but I thought I’d ask. > OSSEC does not do this, you'll have to create a script or something to do it. > > > Thanks and kind regards, > > B Cacheira
