[prelude-user] prelude lml log rotation
Belliard François
fbelliard.ext at orange-ftgroup.com
Mon Dec 3 16:44:12 CET 2007
Hello,
Thank you for your answer.
I had noticed these parameters and tried to configure them in
different ways, but could never get any rotation on my alert file.
Nor did I get any rotation alert. Are there other parameters to
consider?
Also, to be clear in my mind, on which log file do these parameters act?
Is it the syslog file in which prelude-lml checks for any alert (defined
by a "file" entry in a "[format=xxx]" section),
or is it the resulting IDMEF or text file generated by Prelude with all
detected alerts?
Best regards,
François Belliard
Yoann Vandoorselaere wrote:
> Hello François,
>
> On Tuesday 20 November 2007 at 13:06 +0100, Belliard François wrote:
>
>
>> I have prelude LML installed on Linux servers and would like to
>> understand how prelude manages log rotation.
>>
>> Is there information somewhere on how to configure LML log rotation:
>> - delay,
>> - file size,
>> - send an IDMEF alert or not ??
>> - ...
>>
>
> If you are looking for a way to configure LML log file rotation alerts,
> you might be interested in the following Prelude-LML options:
>
> max-rotation-time-offset: Specifies the maximum time difference, in
> seconds, between the time of log files rotation. If this amount is
> reached, a high severity alert will be emitted.
>
> max-rotation-size-offset: Specifies the maximum difference, in bytes,
> between two log files rotation. If this difference is reached, a high
> severity alert will be emitted.
>
> Hope this helps,
>
>
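One reading of the two options described in the quoted reply, sketched as an added example that is not part of the original thread and is not Prelude-LML's own code. It assumes each rotation is compared with the previous one (interval against interval, size against size); the class and function names are hypothetical and the rotation data is constructed.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Rotation:
    when: float  # epoch seconds at which the rotation was observed
    size: int    # bytes in the file just before it was rotated


class RotationMonitor:
    """Flags rotations whose timing or size departs from the previous one."""

    def __init__(self, max_time_offset: int, max_size_offset: int):
        self.max_time_offset = max_time_offset  # seconds
        self.max_size_offset = max_size_offset  # bytes
        self.last: Optional[Rotation] = None
        self.last_interval: Optional[float] = None

    def observe(self, rot: Rotation) -> List[Tuple[str, float]]:
        alerts: List[Tuple[str, float]] = []
        if self.last is not None:
            interval = rot.when - self.last.when
            # Timing needs two earlier rotations to establish a reference interval.
            if self.last_interval is not None:
                drift = abs(interval - self.last_interval)
                if drift >= self.max_time_offset:
                    alerts.append(("time", drift))
            delta = abs(rot.size - self.last.size)
            if delta >= self.max_size_offset:
                alerts.append(("size", delta))
            self.last_interval = interval
        self.last = rot
        return alerts


def run_sample() -> List[List[Tuple[str, float]]]:
    # Constructed data: three roughly daily rotations, then one an hour later
    # on a nearly empty file.
    sample = [Rotation(0, 5_000_000), Rotation(86_400, 5_100_000),
              Rotation(172_820, 4_950_000), Rotation(176_420, 1_200)]
    monitor = RotationMonitor(max_time_offset=300, max_size_offset=1_000_000)
    return [monitor.observe(r) for r in sample]


if __name__ == "__main__":
    for i, alerts in enumerate(run_sample()):
        print(i, alerts or "ok")
```

An off-schedule rotation of a nearly empty file is the pattern a defender would want surfaced, since it can indicate that a log was truncated or rotated by hand.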