Hi,
I have been working on configuring OSSEC to monitor some Ubuntu virtual boxes hosting web servers. The manager server is a smallish vbox originally created to host Nagios and MRTG. Today as I was trying to edit the ossec.conf, I got a 'swap write error'. OSSEC had filled the smallish HD with diff files on the mrtg directories. Here is an example of the files (there is something similar for every port on every cisco port in the building): -rw-r--r-- 1 root root 1669 2012-11-16 12:12 catalyst2960g48_gigabitethernet0_10-day.png -rw-r--r-- 1 root root 6883 2012-11-16 12:12 catalyst2960g48_gigabitethernet0_10.html -rw-r--r-- 1 root root 86325 2012-11-16 12:12 catalyst2960g48_gigabitethernet0_10.log -rw-r--r-- 1 root root 2592 2012-11-16 12:07 catalyst2960g48_gigabitethernet0_10-month.png -rw-r--r-- 1 root root 86503 2012-11-16 12:07 catalyst2960g48_gigabitethernet0_10.old -rw-r--r-- 1 root root 0 2012-11-16 12:27 catalyst2960g48_gigabitethernet0_10.tmp -rw-r--r-- 1 root root 1848 2012-11-16 12:07 catalyst2960g48_gigabitethernet0_10-week.png -rw-r--r-- 1 root root 3422 2012-11-16 12:07 catalyst2960g48_gigabitethernet0_10-year.png -rw-r--r-- 1 root root 1525 2012-11-16 12:12 catalyst2960g48_gigabitethernet0_11-day.png -rw-r--r-- 1 root root 6910 2012-11-16 12:12 catalyst2960g48_gigabitethernet0_11.html -rw-r--r-- 1 root root 88774 2012-11-16 12:12 catalyst2960g48_gigabitethernet0_11.log -rw-r--r-- 1 root root 2255 2012-11-16 12:07 catalyst2960g48_gigabitethernet0_11-month.png -rw-r--r-- 1 root root 81379 2012-11-16 12:07 catalyst2960g48_gigabitethernet0_11.old -rw-r--r-- 1 root root 0 2012-11-16 12:27 catalyst2960g48_gigabitethernet0_11.tmp It seems the mrtg .png files have all been copied to the ossec diff directories. Is there a way to stop this other than not monitoring the web directory? Any help is appreciated, Thanks, Sue
