Atomic Secure Linux
 Post subject: active-responses log filling up drive
Posted: Wed Jul 03, 2019 9:07 pm
Forum User

Joined: Fri Oct 24, 2014 6:05 pm
Posts: 10
Location: Philadelphia
Hi, for some reason my OSSEC has started creating state logs every minute and filling up my drive space.

/var/ossec/queue/diff/local/val/ossec/logs/active-responses.log is the log file

How can I check to see why this is happening so I can stop it?

Thanks


 Post subject: Re: active-responses log filling up drive
Posted: Fri Jul 05, 2019 2:59 pm
Atomicorp Staff - Site Admin

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 4087
Location: Chantilly, VA
It looks like you've included either /var or /var/ossec in your FIM settings, and configured them further to report the content of changes in those directories (record diffs). Just log into the AEO GUI, click on the "ASL" tab, select "File Integrity", then select "Watch Rules" and you'll see a listing of all your directories and their settings for the FIM module. Scroll down to the parent directory "/var" or even a child if that was added (like "/var/ossec") and change the "Report" setting to "no", then click the Save button, and you're all set.

_________________
Michael Shinn
Atomicorp - Security For Everyone
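
The check described in the reply above, done against the configuration file instead of the GUI. This is an added example, not part of the original thread and not Atomicorp's code. It assumes the GUI watch rules correspond to OSSEC `<directories>` entries in `ossec.conf`, that the "Report" setting maps to `report_changes="yes"`, and that OSSEC is installed under `/var/ossec`; the sample configuration is constructed.

```python
import posixpath
import xml.etree.ElementTree as ET

# Constructed sample of ossec.conf syscheck sections (not taken from the thread).
SAMPLE_CONF = """
<ossec_config>
  <syscheck>
    <directories check_all="yes">/etc,/usr/bin</directories>
    <directories check_all="yes" report_changes="yes">/var</directories>
    <directories check_all="yes" report_changes="yes">/home/app/conf</directories>
  </syscheck>
</ossec_config>
<ossec_config>
  <syscheck>
    <directories report_changes="yes" realtime="yes">/var/ossec/logs/</directories>
  </syscheck>
</ossec_config>
"""

OSSEC_HOME = "/var/ossec"  # assumed install prefix, matching the path in the thread


def overlaps(watched, target):
    """True if `watched` equals the target, is an ancestor of it, or lies inside it."""
    w = posixpath.normpath(watched)
    t = posixpath.normpath(target)

    def inside(child, parent):
        return child == parent or child.startswith(parent.rstrip("/") + "/")

    return inside(t, w) or inside(w, t)


def self_monitoring_rules(conf_text, ossec_home=OSSEC_HOME):
    """Return watched paths that record diffs and overlap OSSEC's own tree."""
    # ossec.conf may hold several <ossec_config> roots; wrap them so it parses.
    root = ET.fromstring("<wrapper>" + conf_text + "</wrapper>")
    hits = []
    for node in root.iter("directories"):
        if node.get("report_changes", "no").lower() != "yes":
            continue
        # One element can list several comma-separated directories.
        for path in (node.text or "").split(","):
            path = path.strip()
            if path and overlaps(path, ossec_home):
                hits.append(posixpath.normpath(path))
    return hits


if __name__ == "__main__":
    for p in self_monitoring_rules(SAMPLE_CONF):
        print("report_changes covers OSSEC's own files:", p)
```

Any path it reports is a watch rule under which OSSEC stores diffs of its own frequently changing files, which is the loop that fills `queue/diff`.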

