This sounds like it should be reported as an issue/bug on GitHub.

On Friday, September 25, 2015 at 6:55:39 AM UTC-7, Farnsworth, Robert wrote:
>
> Thought I would let you know I have resolved this, I believe the problem
> stemmed from my alerts.log getting way too large and the Log Rotation could
> not handle the size of the file.
>
> So I filtered a bunch of Windows event alerts to get the logs to a
> manageable level and the rotation is doing its job again.
>
> The OSSEC Log Rotation routine must have some limitations on file size.
>
> Thanks for all your help.
>
> Robert
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of dan (ddp)
> Sent: Wednesday, September 16, 2015 12:36 PM
> To: [email protected]
> Subject: Re: FW: [ossec-list] Re: Log Rotation issues
>
> On Wed, Sep 16, 2015 at 12:18 PM, Farnsworth, Robert <[email protected]> wrote:
> > No it did not.
> > I made the change and restarted OSSEC. I don’t remember us talking about
> > a recompiling.
> >
>
> Sorry if I forgot to mention it, I meant to. When you change the
> source code you'll have to recompile and install the new binaries. Then
> restart the processes. Running the install.sh script should accomplish this
> (it will "upgrade" over itself).
>
> >
> > -----Original Message-----
> > From: [email protected] [mailto:[email protected]] On Behalf Of dan (ddp)
> > Sent: Wednesday, September 16, 2015 12:17 PM
> > To: [email protected]
> > Subject: Re: FW: [ossec-list] Re: Log Rotation issues
> >
> > On Wed, Sep 16, 2015 at 8:50 AM, Farnsworth, Robert <[email protected]> wrote:
> >> The only error I see from analysisd is the read errors. One of them is
> >> the Ossec Manager.
> >>
> >> Here is a sample.
> >>
> >> 2015/09/16 08:34:09 ossec-analysisd: ERROR: read error on /queue/diff/hostname/533/last-entry
> >> 2015/09/16 08:34:09 ossec-analysisd: ERROR: read error on /queue/diff/ hostname/535/last-entry
> >> 2015/09/16 08:37:56 ossec-analysisd: ERROR: read error on /queue/diff/ hostname/535/last-entry
> >> 2015/09/16 08:40:11 ossec-analysisd: ERROR: read error on /queue/diff/ hostname/533/last-entry
> >> 2015/09/16 08:40:11 ossec-analysisd: ERROR: read error on /queue/diff/ hostname/535/last-entry
> >>
> >
> > That was after making the change, recompiling, and restarting OSSEC?
> > Did the logfile rotate properly?

--

---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
