# internal_options.conf, Daniel B. Cid (dcid @ ossec.net).
#
# DO NOT TOUCH THIS FILE. The default configuration
# is at ossec.conf. More information at:
# http://www.ossec.net/en/manual.html
#
# This file should be handled with care. It contain
# run time modifications that can affect the use
# of ossec. Only change it if you know what you
# are doing. Again, look first at ossec.conf
# for most of the things you want to change.


# Analysisd default rule timeframe.
analysisd.default_timeframe=360
# Analysisd stats maximum diff.
analysisd.stats_maxdiff=25000
# Analysisd stats minimum diff.
analysisd.stats_mindiff=250
# Analysisd stats percentage (how much to differ from average)
analysisd.stats_percent_diff=30
# Analysisd FTS list size.
analysisd.fts_list_size=32
# Analysisd FTS minimum string size.    
analysisd.fts_min_size_for_str=14
# Analysisd Enable the firewall log (at logs/firewall/firewall.log)
# 1 to enable, 0 to disable.
analysisd.log_fw=1


# Logcollector file loop timeout (check every 2 seconds for file changes)
logcollector.loop_timeout=2

# Logcollector number of attempts to open a log file.
logcollector.open_attempts=8

# Logcollector - If it should accept remote commands from the manager
logcollector.remote_commands=1



# Remoted counter io flush.
remoted.recv_counter_flush=128

# Remoted compression averages printout.
remoted.comp_average_printout=19999

# Verify msg id (set to 0 to disable it)
remoted.verify_msg_id=0


# Maild strict checking (0=disabled, 1=enabled)
maild.strict_checking=1

# Maild grouping (0=disabled, 1=enabled)
# Groups alerts within the same e-mail.
maild.groupping=1

# Maild full subject (0=disabled, 1=enabled)
maild.full_subject=0

# Maild display GeoIP data (0=disabled, 1=enabled)
maild.geoip=1


# Monitord day_wait. Ammount of seconds to wait before compressing/signing
# the files.
monitord.day_wait=10

# Monitord compress. (0=do not compress, 1=compress)
monitord.compress=1

# Monitord sign. (0=do not sign, 1=sign)
monitord.sign=1

# Monitord monitor_agents. (0=do not monitor, 1=monitor)
monitord.monitor_agents=1


# Syscheck checking/usage speed. To avoid large cpu/memory
# usage, you can specify how much to sleep after generating
# the checksum of X files. The default is to sleep 2 seconds
# after reading 15 files.
syscheck.sleep=2
syscheck.sleep_after=15


# Database - maximum number of reconnect attempts
dbd.reconnect_attempts=10


# Debug options.
# Debug 0 -> no debug
# Debug 1 -> first level of debug
# Debug 2 -> full debugging

# Windows debug (used by the windows agent)
windows.debug=0

# Syscheck (local, server and unix agent)
syscheck.debug=0

# Remoted (server debug)
remoted.debug=0

# Analysisd (server or local)
analysisd.debug=0

# Log collector (server, local or unix agent)
logcollector.debug=0

# Unix agentd
agent.debug=0


# EOF