wazuh log dir


Naveed Ahmed

Feb 24, 2022, 3:20:39 AM
to Wazuh mailing list
Hi Team,
Since using Wazuh I have been facing a log dir issue with /var/ossec/logs. I have followed the link below to bind the log dir, but it is not helpful because it replicates the /var/ossec/logs dir to the other dir. I thought it would just move the logs dir to the other dir, but that did not happen, so I tried to confirm by deleting a log file from /var/ossec/logs, and that file was also deleted from the other dir. Please let me know how I can move the /var/ossec/logs dir to another dir without replicating data. Thanks

elw...@wazuh.com

Feb 24, 2022, 4:42:58 AM
to Wazuh mailing list
Hello Naveed,

Following the shared logs, you should not have any replications as the logs are stored in the new directory but only accessible from the original path.

Regards,
Wak

Naveed Ahmed

Feb 24, 2022, 5:26:34 AM
to elw...@wazuh.com, Wazuh mailing list
Hi, thanks for responding. I have deleted from /var/ossec/logs and it was also deleted on the other dir as well, then why


elw...@wazuh.com

Feb 25, 2022, 2:14:54 AM
to Wazuh mailing list
Hello,

You have a binding mount and it is linking those directories but not replicating the data. You can read about mounting in Linux here https://www.bleepingcomputer.com/tutorials/introduction-to-mounting-filesystems-in-linux/.

Regards,
Wali

Naveed Ahmed

Feb 25, 2022, 2:37:28 AM
to elw...@wazuh.com, Wazuh mailing list
If I agree with this, can you still tell me: I have deleted the log file from /var/ossec/logs and it has also been deleted from the other dir as well.

elw...@wazuh.com

Feb 25, 2022, 7:54:04 AM
to Wazuh mailing list
That's exactly how it is supposed to work. The Wazuh manager is writing to the default directory `/var/ossec/logs` but they are stored physically in the mounted directory and will not fill up the directory `/var/ossec/logs`. Therefore, a deletion applies the same.

If you want to change the default installation directory of Wazuh, you need to install it from the source as described here https://documentation.wazuh.com/current/installation-guide/more-installation-alternatives/wazuh-from-sources/wazuh-server/index.html then choose the installation path.

Hope this helps.
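
The bind-mount behaviour discussed in this thread can be checked from the shell. The script below is an added example, not part of the thread or of Wazuh's tooling: it compares the device and inode of two paths to tell one shared directory from a replica. The function names are this example's own, the second path is whatever directory you bound, and it assumes Linux with `stat -c` and `/proc/self/mountinfo`.

```shell
#!/bin/sh
# Added example (not from the thread): tell a bind mount from a replica.
# Usage: sh check_bind.sh /var/ossec/logs /path/to/new/logs  (second path is yours)

# "device:inode" of the directory a path resolves to (GNU or busybox stat).
dir_id() {
    stat -L -c '%d:%i' -- "$1"
}

# 0 if both paths are the very same directory object, 1 if they are distinct.
same_directory() {
    [ "$(dir_id "$1")" = "$(dir_id "$2")" ]
}

# Print the source-side root of a mount point: field 4 of /proc/self/mountinfo,
# where field 5 is the mount point. Prints nothing if $1 is not a mount point.
mount_root() {
    awk -v mp="$1" '$5 == mp { root = $4 } END { if (root != "") print root }' \
        /proc/self/mountinfo 2>/dev/null
}

report() {
    root=$(mount_root "$1")
    if [ -n "$root" ]; then
        echo "$1 is a mount point (root within source filesystem: $root)"
    else
        echo "$1 is not a mount point"
    fi
    if same_directory "$1" "$2"; then
        # One set of files reachable by two names: space is used once,
        # and a delete through either path removes the file from both.
        echo "same directory: data is stored once"
        du -sh -- "$2"
    else
        echo "different directories: data exists in two places"
        du -sh -- "$1" "$2"
    fi
}

# Only run the report when two paths are given on the command line.
if [ "$#" -eq 2 ]; then
    report "$1" "$2"
fi
```
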