In one our clients at /var/ossec/logs we have the following: root@ops-bastion-1:/var/ossec/logs# ll total 56 -rw-r----- 1 root ossec 0 Jul 4 06:23 active-response.log -rw-r--r-- 1 root ossec 21296 Jul 5 10:33 active-responses.log -rw-rw-r-- 1 ossec ossec 17632 Jul 5 10:16 ossec.log
>From what I can tell in all the ossec configs, only the singular active-response.log is defined. Where is the plural file coming from? On this host, in ossec.conf: ossec.conf: <location>/var/ossec/logs/active-response.log</location> -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
