On Fri, Nov 23, 2012 at 2:37 PM, Sue <[email protected]> wrote:
> Hi,
>
> I have been working on configuring OSSEC to monitor some Ubuntu virtual
> boxes hosting web servers. The manager server is a smallish vbox originally
> created to host Nagios and MRTG.
>
> Today as I was trying to edit the ossec.conf, I got a 'swap write error'.
> OSSEC had filled the smallish HD with diff files on the mrtg directories.
>
> Here is an example of the files (there is something similar for every port
> on every cisco port in the building):
>
> -rw-r--r-- 1 root root  1669 2012-11-16 12:12 catalyst2960g48_gigabitethernet0_10-day.png
> -rw-r--r-- 1 root root  6883 2012-11-16 12:12 catalyst2960g48_gigabitethernet0_10.html
> -rw-r--r-- 1 root root 86325 2012-11-16 12:12 catalyst2960g48_gigabitethernet0_10.log
> -rw-r--r-- 1 root root  2592 2012-11-16 12:07 catalyst2960g48_gigabitethernet0_10-month.png
> -rw-r--r-- 1 root root 86503 2012-11-16 12:07 catalyst2960g48_gigabitethernet0_10.old
> -rw-r--r-- 1 root root     0 2012-11-16 12:27 catalyst2960g48_gigabitethernet0_10.tmp
> -rw-r--r-- 1 root root  1848 2012-11-16 12:07 catalyst2960g48_gigabitethernet0_10-week.png
> -rw-r--r-- 1 root root  3422 2012-11-16 12:07 catalyst2960g48_gigabitethernet0_10-year.png
> -rw-r--r-- 1 root root  1525 2012-11-16 12:12 catalyst2960g48_gigabitethernet0_11-day.png
> -rw-r--r-- 1 root root  6910 2012-11-16 12:12 catalyst2960g48_gigabitethernet0_11.html
> -rw-r--r-- 1 root root 88774 2012-11-16 12:12 catalyst2960g48_gigabitethernet0_11.log
> -rw-r--r-- 1 root root  2255 2012-11-16 12:07 catalyst2960g48_gigabitethernet0_11-month.png
> -rw-r--r-- 1 root root 81379 2012-11-16 12:07 catalyst2960g48_gigabitethernet0_11.old
> -rw-r--r-- 1 root root     0 2012-11-16 12:27 catalyst2960g48_gigabitethernet0_11.tmp
>
> It seems the mrtg .png files have all been copied to the ossec diff
> directories. Is there a way to stop this other than not monitoring the web
> directory?
>
> Any help is appreciated,
>
> Thanks,
>
> Sue

What's your syscheck configuration?
