hi with globalip i mean geoip , sorry my mistake.
but your advice with the monitord brings light in the tunnel. i dont check regulary the ossec.log because that i think ossec donĀ“t start if ossec.conf have an error. so now i check the ossec.log and there was an error , i one of my reports configs , so i fix it and restart ossec , and now is the monitord proccess runs again. thanks to all holger Am Freitag, 10. April 2015 19:49:24 UTC+2 schrieb Santiago Bassett: > > Hi, > > a few questions, > is ossec-monitord running? Have you restarted it? Is there any error in > ossec.log (from ossec-monitord)? > > Not sure about what you mean by globalip, what is that option for? > > Best > > On Fri, Apr 10, 2015 at 7:13 AM, Holger Glaess <[email protected] > <javascript:>> wrote: > >> hi >> >> how can i say , >> >> since aprox 4 week , he dont rotate the files anymore. >> >> >> first i think it happend about the disk capacity before i saw that the >> disk runs out of space >> due missing compression. >> >> the last what i changed , the activation of globalip at the config. >> >> version that i run 2.8 >> >> holger >> >> >> Am Freitag, 10. April 2015 00:52:29 UTC+2 schrieb Santiago Bassett: >>> >>> Hi Holger, >>> >>> you are right, the rotation of OSSEC log files (alerts, archives and >>> firewall) is managed by ossec-monitord process. Those logs are compressed >>> and signed every day. >>> >>> This work is done by the function manage_files(). You can see the source >>> code in src/monitord/manage_files.c >>> >>> This function is called every day by ossec-monitord process. See below >>> the code from src/monitord/monitord.c >>> >>> /* Day changed, deal with log files */ >>> >>> if(today != p->tm_mday) >>> >>> { >>> >>> /* Generate reports. */ >>> >>> generate_reports(today, thismonth, thisyear, p); >>> >>> * manage_files(today, thismonth, thisyear);* >>> >>> today = p->tm_mday; >>> >>> thismonth = p->tm_mon; >>> >>> thisyear = p->tm_year+1900; >>> >>> } >>> If I understood it correctly you actually wanted log files to be >>> compressed daily, and that is what OSSEC does by default. Are those not >>> being compressed in your case? >>> >>> I hope it helps, >>> >>> Santiago. >>> >>> >>> On Wed, Apr 8, 2015 at 11:10 PM, Holger Glaess <[email protected]> >>> wrote: >>> >>>> hi >>>> >>>> >>>> Am Mittwoch, 8. April 2015 19:25:11 UTC+2 schrieb Santiago Bassett: >>>>> >>>>> Hi, >>>>> >>>>> I would rely on logrotate application to configure the log rotation >>>>> according to your preferences. >>>>> >>>>> Best >>>>> >>>>> On Wed, Apr 8, 2015 at 12:48 AM, Holger Glaess <[email protected]> >>>>> wrote: >>>>> >>>>>> hi >>>>>> >>>>>> it ist possible that ossec compress the rotated logs files once per >>>>>> month ? >>>>>> >>>>>> >>>>>> can i change this to compress the log files daily ? >>>>>> >>>>>> >>>>>> holger >>>>>> >>>>>> -- >>>>>> >>>>>> --- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "ossec-list" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>> >>>>> >>>>> >>>> i think inside of ossec/logs/alerts and ossec/logs/archives do ossec >>>> the rotation ? >>>> >>>> >>>> holger >>>> >>>> >>>> -- >>>> >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "ossec-list" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> For more options, visit https://groups.google.com/d/optout. >> > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
