On Mon, Apr 30, 2018, 7:31 PM <[email protected]> wrote:

> Hi Dan, Florian
>
> This entry mentions OSSEC has been configured to keep logs as long as 13
> months. May I ask how to achieve that? I don't know the configuration file
> I need to edit to let OSSEC know it must not rotate logs until the 13th
> month.
>
> Best regards, Sebatian.
>

Ossec doesn't delete logs.

>
> On Thursday, May 31, 2012 at 5:15:57 AM UTC-5, [email protected]
> wrote:
>>
>> Hi all
>>
>> Currently considering an Ossec deployment, could I please check my
>> understanding of the following;
>>
>> Ossec alerts - can be logged to syslog, file, database and sent as emails.
>>
>> Original log lines received from agents - can be logged to archive.log
>> file with the "logall" directive for retention (doesn't cause these to be
>> added to a configured db and they don't appear to be sent to syslog either
>> should this be enabled, presuming these aren't options?).
>>
>> And a slightly off topic question if I may.
>>
>> I'd be interested in hearing what others are doing with regards log
>> retention / enabling rich searching of the archive log, having taken a
>> quick look at elsa as an example this appears to import everything as
>> ossec-archive which doesn't appear ideal for utilising the search functions.
>>
>> It would be plausible in our case to actually junk a good portion of
>> what's in the archive (ossec keepalives, log lines considered irrelevant
>> for retention) but I'm not sure exactly where to begin (regex not being a
>> strong point) and am wondering what others have done who have used the
>> archive as a basis for log retention.
>>
>> Many thanks in advance
>>
>>
>> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
>
