OSSEC Internal Settings

OSSEC Analysisd Settings

Note

Do not change these settings unless you know what you are doing. Changing these settings can cause OSSEC to perform incorrectly.

HIDS_analysisd_default_timeframe

  • Analysisd default rule timeframe in seconds. [Default: 360]

HIDS_analysisd_stats_maxdiff

  • Analysisd stats maximum diff.

HIDS_analysisd_stats_mindiff

  • Analysisd stats minimum diff.

HIDS_analysisd_stats_percent_diff

  • Analysisd stats percentage (how much to differ from average)

HIDS_analysisd_fts_list_size

  • Analysisd FTS list size.

HIDS_analysisd_fts_min_size_for_str

  • Analysisd FTS minimum string size.

HIDS_analysisd_log_fw

  • Analysisd: enable the firewall log (at logs/firewall/firewall.log).


OSSEC Logcollector Settings

HIDS_logcollector_loop_timeout

  • Logcollector file loop timeout (check every 2 seconds for file changes)

HIDS_logcollector_open_attempts

  • Logcollector number of attempts to open a log file.

HIDS_logcollector_remote_commands

  • Logcollector: whether it should accept remote commands from the manager.


OSSEC Remoted Settings

HIDS_remoted_recv_counter_flush

  • Remoted counter I/O flush.

HIDS_remoted_comp_average_printout

  • Remoted compression averages printout.

HIDS_remoted_verify_msg_id

  • Remoted: verify message ID (set to 0 to disable it).


OSSEC Maild Settings

HIDS_maild_strict_checking

  • Maild strict checking (0=disabled, 1=enabled)

HIDS_maild_groupping

  • Maild grouping (0=disabled, 1=enabled). Groups alerts within the same e-mail. And yes, we know it's spelled wrong.

HIDS_maild_full_subject

  • Maild full subject (0=disabled, 1=enabled)

HIDS_maild_geoip

  • Maild display GeoIP data (0=disabled, 1=enabled)


OSSEC Monitord Settings

HIDS_monitord_day_wait

  • Monitord day_wait. Number of seconds to wait before compressing/signing the files.

HIDS_monitord_sign

  • Monitord sign. (0=do not sign, 1=sign)

HIDS_monitord_monitor_agents

  • Monitord monitor_agents. (0=do not monitor, 1=monitor)


OSSEC Syscheck Settings

HIDS_syscheck_sleep

  • Syscheck checking/usage speed: the number of seconds to sleep. To avoid heavy CPU/memory usage, you can specify how long to sleep after generating the checksum of X files. The default is to sleep 2 seconds after reading 15 files.

HIDS_syscheck_sleep_after

  • Syscheck checking/usage speed: the number of files (X) to checksum before sleeping. To avoid heavy CPU/memory usage, you can specify how long to sleep after generating the checksum of X files. The default is to sleep 2 seconds after reading 15 files.