We have log files that must be kept for six years and we have log files that must be kept for one year. Log files older than 6 years or 1 year must be expunged after that period. For example, coldfusion logs need to be saved for six years, but maillogs only need to be kept for 1.
Currently, we logall to one ossec server, so the 6 and 1 logs are mixed. Policy requires us to change this according to the rule above. Is this possible with OSSEC alone or does this require an additional or new tool? -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
