Re: [ossec-list] OSSEC IIS LOG being cutted after alert is created

2016-02-02 Thread Santiago Bassett
From src/headers/defs.h, here are some interesting constants #define OS_MAXSTR OS_SIZE_6144 /* Size for logs, sockets, etc */ #define OS_BUFFER_SIZE OS_SIZE_2048 /* Size of general buffers */ #define OS_FLSIZE OS_SIZE_256 /* Maximum file size */ #define

Re: [ossec-list] OSSEC IIS LOG being cutted after alert is created

2016-02-02 Thread Santiago Bassett
How big are those logs, do you have an example? This kind of behavior has been reported several times in the last few days (for different use cases). Haven't had time to look into it but I assume it is a limitation in the alert size. Have you tried using the logall option? Do you see the complete event

Re: [ossec-list] OSSEC IIS LOG being cutted after alert is created

2016-02-02 Thread Santiago Bassett
Will do, thank you! On Tue, Feb 2, 2016 at 7:10 PM, Antonio Querubin wrote: > On Tue, 2 Feb 2016, Santiago Bassett wrote: > > From src/headers/defs.h, here are some interesting constants >> >> #define OS_MAXSTR OS_SIZE_6144 /* Size for logs, sockets, etc */ >> >>

Re: [ossec-list] OSSEC IIS LOG being cutted after alert is created

2016-02-02 Thread Antonio Querubin
On Tue, 2 Feb 2016, Santiago Bassett wrote: From src/headers/defs.h, here are some interesting constants #define OS_MAXSTR OS_SIZE_6144 /* Size for logs, sockets, etc */ #define OS_BUFFER_SIZE OS_SIZE_2048 /* Size of general buffers */ #define OS_FLSIZE OS_SIZE_256