On Wed, Jun 27, 2012 at 2:38 AM, C. L. Martinez <[email protected]> wrote: > Hi all, > > Can somebody explains me what advantages exists when a database is > used to store logs?? For me, the real advantage is when ossec-report > is launched. I have a lot of logs to manage daily that comes from a > alerts (arround 4 GiB in plain text every day), and it is very > difficult to launch ossec-report under this condition. Is it possible > to configure ossec-report to use database stored logs instead to use > plain text files?? > > Thanks.
ossec-reportd doesn't use the database at all. If you want to create reports based on the db, you'll have to develop them yourself. It'd be a great project for someone though, I'm sure a number of people would be interested in it.
