internal_options.conf: analysisd

analysisd.default_timeframe

Analysisd default rule timeframe

Default: 360

Allowed: Any integer

analysisd.stats_maxdiff

Default: 25000

Allowed: Any integer

analysisd.stats_mindiff

Default: 250

Allowed: Any integer

analysisd.stats_percent_diff

Default: 30

Allowed: Any integer

analysisd.fts_list_size

Default: 32

Allowed: Any integer

analysisd.fts_min_size_for_str

Default: 14

Allowed: Any integer

analysisd.log_fw

Default: 1

Allowed: Any integer

analysisd.debug

Default: 0

Allowed: Any integer

internal_options.conf: agent

agent.debug

Run the agent’s processes in debug mode.

Default: 0

internal_options.conf: dbd

dbd.reconnect_attempts

The number of times ossec-dbd will attempt to reconnect to the database.

Default: 10

internal_options.conf: logcollector

logcollector.loop_timeout

Default: 2

logcollector.open_attempts

Default: 8

logcollector.remote_commands

Allow the agents to run commands defined in agent.conf.

Allowed: 0,1

Default: 0

Note

This option first appeared in OSSEC 2.7.

internal_options.conf: maild

maild.strict_checking

Default: 1

Allowed: 0 or 1

maild.groupping

If set to 1, alerts will be grouped together in one email. These alerts may be of different types or levels, and may be from different systems.

Default: 1

Allowed: 0 or 1

maild.full_subject

If set to 1, maild will use a full subject when sending alert emails. If set to 0, the subject is shortened.

Default: 0

Allowed: 0 or 1

maild.geoip

If set to 1, maild will display GeoIP data in alert emails.

Default: 1

Allowed: 0 or 1

internal_options.conf: monitord

monitord.day_wait

Amount of time OSSEC will wait before compressing/signing log files.

Default: 10

monitord.compress

If set to 1, ossec-monitord will compress old log files.

Default: 1

Allowed: 0 or 1

monitord.sign

If set to 1, ossec-monitord will sign old log files.

Default: 1

monitord.monitor_agents

Default: 1

internal_options.conf: remoted

remoted.recv_counter_flush

Default: 128

remoted.comp_average_printout

Default: 19999

remoted.verify_msg_id

Default: 1

remoted.debug

Default: 0

internal_options.conf: syscheck

syscheck.sleep

ossec-syscheckd uses this setting to determine how long to sleep after reading syscheck.sleep_after number of files. By default ossec-syscheckd sleeps for 2 seconds after checking 15 files.

Default: 2

syscheck.sleep_after

ossec-syscheckd reads this many files before sleeping for syscheck.sleep seconds.

Default: 15

internal_options.conf: windows

windows.debug

Default: 0

Allowed: 0 or 1
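The following is an added example, not part of the OSSEC documentation: a Python check that compares the contents of an internal_options.conf against a subset of the defaults and allowed values listed on this page, reporting deviations such as logcollector.remote_commands being enabled. The `key=value` line syntax with `#` comment lines, the `audit` function name and the sample file contents are assumptions made for the example.

```python
# Added example: audit internal_options.conf text against defaults documented on this page.
# Assumption: one key=value per line, lines starting with '#' are comments.
DOCUMENTED = {  # option -> (default, allowed set, or None where the page gives no 0/1 restriction)
    "logcollector.remote_commands": (0, {0, 1}),
    "maild.strict_checking": (1, {0, 1}),
    "maild.geoip": (1, {0, 1}),
    "monitord.sign": (1, None),
    "remoted.verify_msg_id": (1, None),
    "remoted.debug": (0, None),
    "syscheck.sleep": (2, None),
    "syscheck.sleep_after": (15, None),
    "windows.debug": (0, {0, 1}),
}

def audit(text):
    """Return (line_no, option, finding) tuples for a config passed as text."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = (p.strip() for p in line.partition("="))
        if not sep or key not in DOCUMENTED:
            continue  # malformed line, or an option outside the table above
        default, allowed = DOCUMENTED[key]
        try:
            num = int(value)
        except ValueError:
            findings.append((no, key, f"not an integer: {value!r}"))
            continue
        if allowed is not None and num not in allowed:
            findings.append((no, key, f"{num} outside allowed {sorted(allowed)}"))
        elif num != default:
            findings.append((no, key, f"{num} differs from default {default}"))
    return findings

# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
# internal options (constructed)
logcollector.remote_commands=1
maild.geoip=2
monitord.sign=1
remoted.verify_msg_id=0
syscheck.sleep=abc
"""

if __name__ == "__main__":
    for no, key, msg in audit(SAMPLE):
        print(f"line {no}: {key}: {msg}")
```

A finding of "differs from default" is a prompt to confirm the change was intentional, not an error in itself.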