Multiple changes to logcollector config + saner defaults #750

Merged
merged 5 commits into from
Feb 26, 2016

@dcid dcid commented Feb 24, 2016

Trying to start merging my repo up.

  • Better defaults to analysisd stats diff alerts.
  • Fixing glob() implementation bug.
  • Adding hourly/daily options to logcollector.
  • Adding a CHANGELOG so we can track changes per release (a user facing CHANGELOG so they can see what matters most).

dcid added 5 commits February 24, 2016 17:56
Merged from:
dcid/ossec-hids@6264ce9

"
Globbing /var/log/httpd/*.access.log on a directory with 5k sites, just went
from 4 minutes (yes, 4 minutes) to 1 second.

"
…should

go into release announcements.

** Still have to go back to previous PR's / commits to see what else to add.
@@ -14,11 +14,11 @@
# Analysisd default rule timeframe.
analysisd.default_timeframe=360
# Analysisd stats maximum diff.
analysisd.stats_maxdiff=25000
analysisd.stats_maxdiff=999000
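Review bot: The comment above `analysisd.stats_maxdiff` ("Analysisd stats maximum diff.") does not say what the value measures or in what unit, and the default moves from 25000 to 999000 with no rationale recorded in the file. Please extend that comment with one line stating what the number counts and why the higher default was chosen, so that someone tuning stats diff alerts can judge whether 999000 fits their log volume. Since this changes a default that affects when stats diff alerts are raised, it should also be listed in the user-facing CHANGELOG this PR introduces.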
Member

You have tested this? I am just asking to make sure, but it makes sense to me and gives a lot more information to users.

Author

Oh yes, been using for a while. Logs can fluctuate in size quite a bit and the original defaults were way too low.

Member

jrossi commented Feb 24, 2016

For the most part looks good to me. Makes sense and adds some great features.

Suggestions for the future:

  • Match the style of the sources, as this changes a fair amount of code just for coding style reasons and is not related to the change set
  • Few features in a single PR

I will merge this when I get home tonight.

@jrossi jrossi added this to the ossec-hids-2.9 milestone Feb 24, 2016
@jrossi jrossi self-assigned this Feb 24, 2016
jrossi added a commit that referenced this pull request Feb 26, 2016
Multiple changes to logcollector config + saner defaults
@jrossi jrossi merged commit 886eb17 into ossec:master Feb 26, 2016