On Jul 22, 2015 7:50 AM, "Farnsworth, Robert" <[email protected]> wrote: > > Yes, ossec-monitord is running ossec 31115 1 0 Jul21 ? 00:01:17 /var/ossec/bin/ossec-monitord > >
I think monitord runs as ossecm. Maybe try changing the owner of the ossec.log file to ossecm? > > > > I do not believe the FS is out of inodes. > > > > Filesystem Inodes IUsed IFree IUse% Mounted on > > /dev/mapper/vg00-rootvol > > 524288 108242 416046 21% / > > tmpfs 2041271 1 2041270 1% /dev/shm > > /dev/sda1 32768 52 32716 1% /boot > > /dev/mapper/vg00-homevol > > 1048576 2477 1046099 1% /home > > /dev/mapper/vg00-tmpvol > > 131072 22 131050 1% /tmp > > /dev/mapper/vg00-varvol > > 327680 4296 323384 2% /var > > /dev/mapper/vg00-crashvol > > 81920 11 81909 1% /var/crash > > /dev/mapper/vg00-auditvol > > 65536 21 65515 1% /var/log/audit > > /dev/mapper/vg01-optvol > > 655360 3557 651803 1% /opt > > > > > > > > From: [email protected] [mailto:[email protected]] On Behalf Of dan (ddp) > Sent: Wednesday, July 22, 2015 7:42 AM > To: [email protected] > Subject: Re: [ossec-list] OSSEC Log Rotation Failing > > > > > On Jul 22, 2015 7:38 AM, "Farnsworth, Robert" <[email protected]> wrote: > > > > My log rotation has all of a sudden started to fail on two of my managers, this is causing my file system to fill up every night. > > > > Is the fs out of inodes? Is ossec-monitord running? > > > > > > > Any suggestions to correcting this problem. > > > > > > > > -rw-r-----. 1 ossec ossec 9959839 Jul 14 04:01 ossec-alerts-13.log.gz > > > > -rw-r-----. 1 ossec ossec 398 Jul 14 04:01 ossec-alerts-13.log.sum > > > > -rw-r-----. 1 ossec ossec 0 Jul 15 04:02 ossec-alerts-14.log.gz > > > > -rw-r-----. 1 ossec ossec 0 Jul 15 04:02 ossec-alerts-14.log.sum > > > > -rw-r-----. 1 ossec ossec 0 Jul 16 04:01 ossec-alerts-15.log.gz > > > > -rw-r-----. 1 ossec ossec 0 Jul 16 04:01 ossec-alerts-15.log.sum > > > > -rw-r-----. 1 ossec ossec 0 Jul 17 04:02 ossec-alerts-16.log.gz > > > > -rw-r-----. 1 ossec ossec 0 Jul 17 04:02 ossec-alerts-16.log.sum > > > > -rw-r-----. 1 ossec ossec 0 Jul 18 04:02 ossec-alerts-17.log.gz > > > > -rw-r-----. 1 ossec ossec 0 Jul 18 04:01 ossec-alerts-17.log.sum > > > > -rw-r-----. 1 ossec ossec 0 Jul 19 04:01 ossec-alerts-18.log.gz > > > > -rw-r-----. 1 ossec ossec 0 Jul 19 04:01 ossec-alerts-18.log.sum > > > > -rw-r-----. 1 ossec ossec 0 Jul 20 04:03 ossec-alerts-19.log.gz > > > > -rw-r-----. 1 ossec ossec 0 Jul 20 04:02 ossec-alerts-19.log.sum > > > > -rw-r-----. 1 ossec ossec 0 Jul 21 04:07 ossec-alerts-20.log.gz > > > > -rw-r-----. 1 ossec ossec 0 Jul 21 04:02 ossec-alerts-20.log.sum > > > > -rw-r-----. 1 ossec ossec 0 Jul 22 04:04 ossec-alerts-21.log.gz > > > > -rw-r-----. 1 ossec ossec 0 Jul 22 04:01 ossec-alerts-21.log.sum > > > > -rw-r-----. 2 ossec ossec 3597332480 Jul 22 11:30 ossec-alerts-22.log > > > > > > > > Thanks > > > > > > > > Robert > > > > > > > > -- > > > > --- > > You received this message because you are subscribed to the Google Groups "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. > > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. > > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. > > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
