On Tue, Aug 21, 2012 at 1:37 PM, Gil Vidals <[email protected]> wrote: > How can I clear the ossec db for the active responses? I'm not using mysql > for ossec. I have installed whatever the default db is. > > I don't need to clear the sys checks; instead I want to clear the active > responses. Is there a way to do this? > > -- > Gil Vidals > > CONFIDENTIALITY NOTICE: The information contained in this transmission may > contain privileged and confidential information. It is intended only for > the use of the person(s) named above. If you are not the intended > recipient, please contact the sender by reply email and permanently delete > the original message. >
By default OSSEC only logs to text files. I guess you could stop the OSSEC processes, clear the file, and start OSSEC back up.
