Save Wazuh logs and data to another disk in Linux?
457 views
Skip to first unread message
TheLotus 24
May 9, 2024, 5:51:13 PM5/9/24
to Wazuh | Mailing List
I have a client who wants to install wazuh but he asks me for the Linux operating system to be on one disk and on the other disk he wants all the data and logs that wazuh brings to be saved.
Is it possible to specify Wazuh to save the data that is generated on the other disk?
Is it possible to specify Wazuh to save the data that is generated on the other disk?
Kevin Ledesma
May 16, 2024, 10:03:21 AM5/16/24
to Wazuh | Mailing List
Hello!
Well, there is no configuration from the Wazuh side to change the storage location, but there is a workaround, you could move the directory to the desired location and create a mount binding from that new location to the original dir. Let me explain it a bit better with steps:
Well, there is no configuration from the Wazuh side to change the storage location, but there is a workaround, you could move the directory to the desired location and create a mount binding from that new location to the original dir. Let me explain it a bit better with steps:
- Stop the wazuh server ---> systemctl stop wazuh-manager
- Move the content from the original dir to the new one ---> mv /var/ossec/logs/* /your_new_path
- Create a mount binding among the dirs ---> mount --bind /your_new_path /var/ossec/logs
- Make these changes permanent to not lose it on restarts ---> echo "/your_new_path /var/ossec/logs/ none defaults,bind 0 0" >> /etc/fstab
- Start the wazuh server ---> systemctl start wazuh-manager
I hope it helps, any feedback is welcome! Have a nice day!
Regards,
Reply all
Reply to author
Forward
0 new messages