Hello,

Please tell me, how can I change settings for log rotation by ossec-monitord? I see only options that change compression and signing. If this is not possible, can I use logrotate.d to produce splinter copies of the ‘archives’ file (which is very large in my environment) on a more regular basis than the daily copy? Will the chroot limitation allow this?
The reason for this is that we do not use OSSEC as the SIEM in this scenario and therefore parse the archives file on a real-time basis using a 3rd party SIEM agent which does not like enormous/dynamic files.

Kind Regards
Dave.O
