On Wed, Jun 27, 2012 at 2:29 PM, dan (ddp) <[email protected]> wrote:
> On Wed, Jun 27, 2012 at 2:38 AM, C. L. Martinez <[email protected]> wrote:
>> Hi all,
>>
>> Can somebody explain to me what advantages exist when a database is
>> used to store logs?? For me, the real advantage is when ossec-report
>> is launched. I have a lot of logs to manage daily that come from
>> alerts (around 4 GiB in plain text every day), and it is very
>> difficult to launch ossec-report under this condition. Is it possible
>> to configure ossec-report to use database stored logs instead of using
>> plain text files??
>>
>> Thanks.
>
> ossec-reportd doesn't use the database at all. If you want to create
> reports based on the db, you'll have to develop them yourself. It'd be
> a great project for someone though, I'm sure a number of people would
> be interested in it.

Ok, understood ... then I think the best option is to use ELSA (http://code.google.com/p/enterprise-log-search-and-archive/) ...
