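# internal_options.conf, Daniel B. Cid (dcid @ ossec.net).
#
# DO NOT TOUCH THIS FILE. The default configuration
# is at ossec.conf. More information at:
# http://www.ossec.net/en/manual.html
#
# This file should be handled with care. It contains
# run time modifications that can affect the use
# of ossec. Only change it if you know what you
# are doing. Again, look first at ossec.conf
# for most of the things you want to change.
<%# Template note: every value below is read from node["ossec"]["internal"][<daemon>][<option>] and written out verbatim. A missing attribute renders as an empty value, so define each one (presumably in the cookbook's attributes file). %>


# Analysisd default rule timeframe.
analysisd.default_timeframe=<%= node["ossec"]["internal"]["analysisd"]["default_timeframe"] %>

# Analysisd stats maximum diff.
analysisd.stats_maxdiff=<%= node["ossec"]["internal"]["analysisd"]["stats_maxdiff"] %>

# Analysisd stats minimum diff.
analysisd.stats_mindiff=<%= node["ossec"]["internal"]["analysisd"]["stats_mindiff"] %>

# Analysisd stats percentage (how much to differ from average)
analysisd.stats_percent_diff=<%= node["ossec"]["internal"]["analysisd"]["stats_percent_diff"] %>

# Analysisd FTS list size.
analysisd.fts_list_size=<%= node["ossec"]["internal"]["analysisd"]["fts_list_size"] %>

# Analysisd FTS minimum string size.
analysisd.fts_min_size_for_str=<%= node["ossec"]["internal"]["analysisd"]["fts_min_size_for_str"] %>

# Analysisd Enable the firewall log (at logs/firewall/firewall.log)
# 1 to enable, 0 to disable.
analysisd.log_fw=<%= node["ossec"]["internal"]["analysisd"]["log_fw"] %>


# Logcollector file loop timeout (check every 2 seconds for file changes)
logcollector.loop_timeout=<%= node["ossec"]["internal"]["logcollector"]["loop_timeout"] %>

# Logcollector number of attempts to open a log file.
logcollector.open_attempts=<%= node["ossec"]["internal"]["logcollector"]["open_attempts"] %>

# Logcollector: Allow the agents to run commands as defined in agent.conf
# (0=disabled, 1=enabled). When enabled, commands listed in the centrally
# managed agent.conf are executed on the agent, so whoever controls that
# file can run commands on every agent. Keep this at 0 unless remote
# commands are actually required.
logcollector.remote_commands=<%= node["ossec"]["internal"]["logcollector"]["remote_commands"] %>


# Remoted counter io flush.
remoted.recv_counter_flush=<%= node["ossec"]["internal"]["remoted"]["recv_counter_flush"] %>

# Remoted compression averages printout.
remoted.comp_average_printout=<%= node["ossec"]["internal"]["remoted"]["comp_average_printout"] %>

# Verify msg id (set to 0 to disable it)
<%# NOTE(review): presumably this is the check on the per-agent message counter that rejects duplicated or replayed messages. Confirm against the OSSEC documentation before rendering 0 here. %>
remoted.verify_msg_id=<%= node["ossec"]["internal"]["remoted"]["verify_msg_id"] %>


# Maild strict checking (0=disabled, 1=enabled)
maild.strict_checking=<%= node["ossec"]["internal"]["maild"]["strict_checking"] %>

# Maild grouping (0=disabled, 1=enabled)
# Groups alerts within the same e-mail.
<%# The option name really is spelled "groupping"; do not correct it, or the setting will not be recognised. %>
maild.groupping=<%= node["ossec"]["internal"]["maild"]["groupping"] %>

# Maild full subject (0=disabled, 1=enabled)
maild.full_subject=<%= node["ossec"]["internal"]["maild"]["full_subject"] %>

# Maild GeoIP support
maild.geoip=<%= node["ossec"]["internal"]["maild"]["geoip"] %>


# Monitord day_wait. Amount of seconds to wait before compressing/signing
# the files.
monitord.day_wait=<%= node["ossec"]["internal"]["monitord"]["day_wait"] %>

# Monitord compress. (0=do not compress, 1=compress)
monitord.compress=<%= node["ossec"]["internal"]["monitord"]["compress"] %>

# Monitord sign. (0=do not sign, 1=sign)
monitord.sign=<%= node["ossec"]["internal"]["monitord"]["sign"] %>

# Monitord monitor_agents. (0=do not monitor, 1=monitor)
monitord.monitor_agents=<%= node["ossec"]["internal"]["monitord"]["monitor_agents"] %>


# Syscheck checking/usage speed. To avoid large cpu/memory
# usage, you can specify how much to sleep after generating
# the checksum of X files. The default is to sleep 2 seconds
# after reading 15 files.
syscheck.sleep=<%= node["ossec"]["internal"]["syscheck"]["sleep"] %>
syscheck.sleep_after=<%= node["ossec"]["internal"]["syscheck"]["sleep_after"] %>


# Database - maximum number of reconnect attempts
dbd.reconnect_attempts=<%= node["ossec"]["internal"]["dbd"]["reconnect_attempts"] %>


# Debug options.
# Debug 0 -> no debug
# Debug 1 -> first level of debug
# Debug 2 -> full debugging

# Windows debug (used by the windows agent)
<%# NOTE(review): this reads the attribute group "window" (singular) while the option is windows.debug and every other group matches its daemon name. Confirm the attributes file defines ["window"]["debug"]; otherwise this renders empty. %>
windows.debug=<%= node["ossec"]["internal"]["window"]["debug"] %>

# Syscheck (local, server and unix agent)
syscheck.debug=<%= node["ossec"]["internal"]["syscheck"]["debug"] %>

# Remoted (server debug)
remoted.debug=<%= node["ossec"]["internal"]["remoted"]["debug"] %>

# Analysisd (server or local)
analysisd.debug=<%= node["ossec"]["internal"]["analysisd"]["debug"] %>

# Log collector (server, local or unix agent)
logcollector.debug=<%= node["ossec"]["internal"]["logcollector"]["debug"] %>

# Unix agentd
agent.debug=<%= node["ossec"]["internal"]["agent"]["debug"] %>


# EOF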