CRITICAL: (1107): Could not create directory


Like Bike

Sep 13, 2022, 3:59:02 AM
to Wazuh mailing list
I tried to change the log directory with this solution;
It worked, but it throws a new error.

root@Logserver:~# /var/ossec/bin/wazuh-analysisd -f
2022/09/13 07:53:27 wazuh-analysisd: INFO: Total rules enabled: '6327'
2022/09/13 07:53:27 wazuh-analysisd: INFO: Started (pid: 5888).
2022/09/13 07:53:27 wazuh-analysisd: CRITICAL: (1107): Could not create directory 'logs/archives/2022/' due to [(2)-(No such file or directory)].

David José Iglesias Lopez

Sep 13, 2022, 4:27:56 AM
to Wazuh mailing list
Hello berkay,

Changing the default log file and folder is not supported. Even if you follow the workaround solution in the issue, you will still encounter problems when the rotation occurs, as your message shows. Did you enable logall?

Like Bike

Sep 13, 2022, 4:33:11 AM
to Wazuh mailing list
Did you mean this?

<ossec_config>
  <global>
    <jsonout_output>yes</jsonout_output>
    <alerts_log>yes</alerts_log>
    <logall>yes</logall>
    <logall_json>yes</logall_json>
    <email_notification>no</email_notification>
    <smtp_server>smtp.example.wazuh.com</smtp_server>
    <email_from>wa...@example.wazuh.com</email_from>
    <email_to>reci...@example.wazuh.com</email_to>
    <email_maxperhour>12</email_maxperhour>
    <email_log_source>alerts.log</email_log_source>
    <agents_disconnection_time>10m</agents_disconnection_time>
    <agents_disconnection_alert_time>0</agents_disconnection_alert_time>
  </global>


On Tuesday, September 13, 2022 at 11:27:56 UTC+3, David José Iglesias Lopez wrote:

David José Iglesias Lopez

Sep 13, 2022, 5:34:58 AM
to Wazuh mailing list
Yes, after you enable logall, all your events go into the logs/archives/YEAR folder, and since you did the mount and moved the folder, it is not able to create the 2022 subfolder I believe. So mount specifically the folders you want.
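
The situation described in the reply above, where the year subfolder cannot be created because a folder above it is no longer in place, can be checked before starting the daemon. This is an added example, not part of the thread and not Wazuh code; the function names, the `WAZUH_HOME` variable and the demo tree are assumptions, and `/var/ossec` is the root seen in the command line earlier in the thread.

```shell
#!/bin/sh
# Added example, not Wazuh code. Walks RELPATH below ROOT and reports the first
# component that is not a usable directory. errno 2 (ENOENT) on a directory
# create means some component above the new directory does not resolve.

# first_unusable ROOT RELPATH
# Prints "<kind> <path>" and returns 1 for the first bad component;
# prints nothing and returns 0 when every component is a directory.
first_unusable() {
    cur=$1
    old_ifs=$IFS; IFS=/; set -f
    set -- $2                      # split RELPATH on "/" with globbing off
    IFS=$old_ifs; set +f
    for part in "$@"; do
        [ -n "$part" ] || continue # skip empty fields from "//"
        cur=$cur/$part
        [ -d "$cur" ] && continue  # -d follows symlinks and mount points
        if [ -L "$cur" ]; then kind=dangling-symlink
        elif [ -e "$cur" ]; then kind=not-a-directory
        else kind=missing
        fi
        printf '%s %s\n' "$kind" "$cur"
        return 1
    done
    return 0
}

# Constructed sample: a throwaway root where logs/ exists but logs/archives
# does not, so creating logs/archives/2022/ below it would fail with ENOENT.
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/logs"
    first_unusable "$tmp" "logs/archives"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# With an argument, check a real install; WAZUH_HOME is a hypothetical
# override, /var/ossec is the root seen in the thread's command line.
if [ "$#" -gt 0 ]; then
    first_unusable "${WAZUH_HOME:-/var/ossec}" "$1" || exit 1
else
    demo || true
fi
```

Pass the parent of the directory named in the error (here `logs/archives`), since the year folder itself is expected to be absent until the daemon creates it.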

Like Bike

Sep 13, 2022, 5:44:58 AM
to Wazuh mailing list

Oh okay, so I can't move all logs, but I can move specific log files, right?
On Tuesday, September 13, 2022 at 12:34:58 UTC+3, David José Iglesias Lopez wrote:

David José Iglesias Lopez

Sep 13, 2022, 7:37:09 AM
to Wazuh mailing list
Yes

Like Bike

Sep 13, 2022, 8:01:03 AM
to Wazuh mailing list
OK, thank you very much for your help. I wish you a good day.

On Tuesday, September 13, 2022 at 14:37:09 UTC+3, David José Iglesias Lopez wrote: