May seem a bit rudimentary but this helps to make sure your ossec log
and active response log don't chew up space. I do both for Windows
and Linux. Then I alert if their sizes are over a certain size.
It's helpful for systems with low space in /var or low space on C (if
you install it there).
<!-- Windows agent: list the size of each .log file, once an hour -->
<localfile>
<log_format>full_command</log_format>
<command>dir *.log | find ".log"</command>
<frequency>3600</frequency>
</localfile>
<!-- Linux: human-readable size of everything under the OSSEC log dir, once an hour -->
<localfile>
<log_format>full_command</log_format>
<command>du -ah /var/ossec/logs</command>
<frequency>3600</frequency>
</localfile>
On Feb 8, 1:50 pm, "dan (ddp)" <[email protected]> wrote:
> Does anyone have any interesting full_command examples they want to
> share? I'd love to include a few in the documentation. So if you have
> anything new and unique let's see it! I'm especially looking for
> Windows examples. I don't really have anything applicable to Windows
> except a basic netstat.
>
> dan
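The "alert if over a certain size" step the reply above mentions but does not show, as an added example that is not from the post or from OSSEC itself: a Python parser for the output of the two full_command checks (`dir *.log | find ".log"` on Windows, `du -ah /var/ossec/logs` on Linux) that returns the entries exceeding a byte limit. The sample outputs are constructed, and the threshold and file names are assumptions.

```python
import re

# Constructed sample of what `du -ah /var/ossec/logs` returns (tab-separated).
# du rounds to one decimal, so parsed sizes are approximations.
DU_OUTPUT = """\
4.0K\t/var/ossec/logs/alerts/alerts.log
512M\t/var/ossec/logs/active-responses.log
1.2G\t/var/ossec/logs/ossec.log
1.7G\t/var/ossec/logs
"""

# Constructed sample of what `dir *.log | find ".log"` returns on Windows
# (date, time, AM/PM, comma-grouped size, name).
DIR_OUTPUT = """\
02/08/2011  01:50 PM           734,003 active-responses.log
02/08/2011  01:50 PM     1,288,490,189 ossec.log
"""

UNITS = {"": 1, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3, "T": 1024 ** 4}


def parse_du(text):
    """Parse `du -ah` output into {path: bytes}, expanding the K/M/G/T suffix."""
    sizes = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([\d.]+)([KMGT]?)\s+(\S.*)$", line)
        if m:
            sizes[m.group(3)] = int(float(m.group(1)) * UNITS[m.group(2)])
    return sizes


def parse_dir(text):
    """Parse Windows `dir` output into {name: bytes}.

    Accepts both 12-hour (three leading tokens) and 24-hour (two) time formats;
    <DIR> entries and the trailing "File(s)" summary do not match and are skipped.
    """
    sizes = {}
    for line in text.splitlines():
        m = re.match(r"^(?:\S+\s+){2,3}([\d,]+)\s+(\S.*)$", line)
        if m:
            sizes[m.group(2)] = int(m.group(1).replace(",", ""))
    return sizes


def oversized(sizes, limit_bytes):
    """Return (entry, bytes) pairs above limit_bytes, largest first."""
    hits = [(p, s) for p, s in sizes.items() if s > limit_bytes]
    return sorted(hits, key=lambda ps: ps[1], reverse=True)
```

Feed the real full_command output into the matching parser and raise an alert for anything `oversized()` returns; a 1 GiB limit (`1024 ** 3`) flags `ossec.log` in both samples.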