Hi >From this line "What do we get from that? First, any modification on the old >logs will require changing all the next checksums." I assumed the chained checksum was used to feed the next day's sum, but after re-reading it, it does not seem to be the case. As such, you are correct, it just affects 1 sum.
About deleting automatically, no biggie. Simple script will take care of it. Thanks. > -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of dan (ddp) > Sent: sexta-feira, 27 de Janeiro de 2012 22:16 > To: [email protected] > Subject: Re: [ossec-list] Log cleanup, chaining checksums and > automating everything > > On Fri, Jan 27, 2012 at 12:15 PM, Bruno Cacheira <[email protected]> > wrote: > > Good day to all > > > > > > > > I'm wondering if you could shed some light on a small issue I have... > > I want to delete older logs (say, last year's) but I will lose > chained > > checksums, correct? Can this be avoided? According to > > http://www.ossec.net/wiki/index.php/Know_How:LogSign, I'd have to > > recalculate, if possible (and in doing so, lose forensic validity, > I'd > > imagine). > > > > If I understand it all correctly, you'd only really lose 1 md5. No > biggie. > > > > > > > I know I can just stop ossec and delete everything, but that's not > > what I want. Also, can this be automated, other than in a shell > script, I mean? > > Some ossec config option, for instance. I've read the documentation > > and found nothing but I thought I'd ask. > > > > OSSEC does not do this, you'll have to create a script or something to > do it. > > > > > > > Thanks and kind regards, > > > > B Cacheira
