Hi all, In our environment, on the management server (version 2.7, CentOS 6 64 bit), OSSEC is installed on a dedicated mount point at /var/ossec (fairly new install, has been online since this past December). We have a mixture of Windows and Linux agents (200 or so). The /var/ossec mount point on the management server ran out of inodes, despite only having about 3% of 20 gigs disk utilization. I determined that the inodes (1.3 million of them) were getting used in /var/ossec/queue/diff. I was able to clean them up and clear syscheck database of the agents, after which everything started working again. However, I was wondering what piece of OSSEC would be writing to /var/ossec/queue/diff and which configuration option would be doing so? Please advise and thanks.
Aaron -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
