Actually I should proof read my post before submitting it :) I have my installer setup a nightly scheduled task that:
1. Stops OSSEC service 2. Rolls ossec.log.2 to ossec.log.3 3. Rolls ossec.log.1 to ossec.log.2 4. Rolls ossec.log.0 to ossec.log.1 5. Rolls ossec.log to ossec.log.0 6. Starts OSSEC service As the SYSTEM service account. I do this for other services as well however some don’t like being stopped so I have to: ‘type logfile’ > logfile.0; echo “” > logfile Then move the over log files around. Provided the log file is not locked. From: [email protected] [mailto:[email protected]] On Behalf Of Nathaniel Bentzinger Sent: Friday, January 23, 2015 10:07 AM To: [email protected] Subject: RE: [ossec-list] Ossec agent ossec.log file truncation I have my installer setup a nightly scheduled task that: 1. Stops OSSEC service 2. Rolls ossec.log to ossec.log.0 3. Rolls ossec.log to ossec.log.1 4. Rolls ossec.log to ossec.log.2 5. Rolls ossec.log to ossec.log.3 6. Starts OSSEC service As the SYSTEM service account. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Brian Kellogg Sent: Thursday, January 22, 2015 6:37 PM To: [email protected]<mailto:[email protected]> Subject: [ossec-list] Ossec agent ossec.log file truncation Is there a way to have the Windows' agent truncate the ossec.log file? thanks -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
