clear Ossec alert log

1,540 views
Skip to first unread message

PKTan

unread,
Oct 9, 2007, 12:03:38 PM10/9/07
to ossec...@ossec.net
Hi,
      Is there any easy way to reset the OSEEC_SERVER  log entries ?
      I have been running the ossec for about a month, I want to start a fresh ossec server without re-install everything. I unregistered all the ossec agent from the server, but the old alerts, registry and files integrity history still in the system , anyway to clear everything without reinstalling ossec-server ?
 
 
Thanks in advance
 
 
regards
John

Yahoo! Movies - Search movie info and celeb profiles and photos.

Daniel Cid

unread,
Oct 10, 2007, 9:33:57 PM10/10/07
to ossec...@googlegroups.com
Hi John,

To clear the file integrity history, just run:

$ /var/ossec/bin/syscheck_update -a

To delete all alerts, just remove the whole /var/ossec/logs/alerts/* directory:

$ rm -rf /var/ossec/logs/alerts/*

*Just make sure to stop ossec before doing that...


Hope it helps.

--
Daniel B. Cid
dcid ( at ) ossec.net


On 10/9/07, PKTan <jpk...@yahoo.com.sg> wrote:
>
>
>
> Hi,
> Is there any easy way to reset the OSEEC_SERVER log entries ?
> I have been running the ossec for about a month, I want to start a fresh ossec server without re-install everything. I unregistered all the ossec agent from the server, but the old alerts, registry and files integrity history still in the system , anyway to clear everything without reinstalling ossec-server ?
>
>
> Thanks in advance
>
>
> regards
> John
> ________________________________

Yahoo! Movies - Search movie info and celeb profiles and photos.

Reply all
Reply to author
Forward
0 new messages