Re: [ossec-list] OSSEC Log Retention
On Wed, Nov 28, 2018 at 9:44 AM Andrew Thomas wrote: > > > In the documentation, regarding logs, it says: > > How long are they stored? > > For as long as your policy dictates (it is user configurable). > > But I don't see a configuration option for this, and reading other posts, > some people have alluded to keeping them for 13 months for PCI Compliance, > and others have said OSSEC doesn't delete files. > > So, how do I go about storing logs for 12 months? > I'm not entirely sure what that documentation is really supposed to mean. OSSEC doesn't delete logs, it'll keep them as long as you want. Removing logs is up to you. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ossec-list] OSSEC Log Retention
In the documentation, regarding logs, it says: How long are they stored? - For as long as your policy dictates (it is user configurable). But I don't see a configuration option for this, and reading other posts, some people have alluded to keeping them for 13 months for PCI Compliance, and others have said OSSEC doesn't delete files. So, how do I go about storing logs for 12 months? -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ossec-list] Ossec agent logs to two ossec server's / sensors
Hi Dan, I am trying to look for configuration file where I can increase 30 minutes interval, but cannot find it - "but an agent will failover to a second server after a while (30 minutes?). " On Friday, July 6, 2018 at 1:11:43 PM UTC+1, dan (ddpbsd) wrote: > > On Fri, Jul 6, 2018 at 3:43 AM, Shaikh S. > wrote: > > Hello Folks, > > > > Hope you're doing well. > > > > Is it possible to configure ossec agent to send the logs to two > different > > server's. for example if the DC ossec server get's down, is it possible > to > > forward the same agent logs to other DR ossec server. > > (Active / Passive monitoring ) > > > > You can't send to both at the same time, but an agent will failover to > a second server after a while (30 minutes?). > I'm hoping the virgil security noisesocket work helps with this. > > > Any help will be greatful. > > > > Thanks in advance !!! > > > > > > Regards, > > Shaikh S. > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to ossec-list+...@googlegroups.com . > > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.