ossec.conf scan time
Posted: Fri Aug 28, 2015 4:38 am
Hello,
I have multiple VPS running on a node with ASL. the ossec.conf tells <frequency>86400</frequency> scantime when ossec-syscheck will scan.
But it will hit all the VPS on the same time....., the disks are running bad because on all syscheck hitting the same time.
Now i can edit the ossec. conf on every machine and tell them the time <scan_time>00:05</scan_time>, but when asl -s -f will be run it's all gone!
And the default setting is again <frequency>86400</frequency>!!!
if i look in /var/asl/data/templates/template-ossec-server.conf i can't find anyting about frequency>86400</frequency>.
How the make <scan_time> permanent for the machines? to avoid hitting the disks at the same time?
Thnx in advanced
I have multiple VPS running on a node with ASL. the ossec.conf tells <frequency>86400</frequency> scantime when ossec-syscheck will scan.
But it will hit all the VPS on the same time....., the disks are running bad because on all syscheck hitting the same time.
Now i can edit the ossec. conf on every machine and tell them the time <scan_time>00:05</scan_time>, but when asl -s -f will be run it's all gone!
And the default setting is again <frequency>86400</frequency>!!!
if i look in /var/asl/data/templates/template-ossec-server.conf i can't find anyting about frequency>86400</frequency>.
How the make <scan_time> permanent for the machines? to avoid hitting the disks at the same time?
Thnx in advanced
