--- /dev/null
+# internal_options.conf, Daniel B. Cid (dcid @ ossec.net).
+#
+# DO NOT TOUCH THIS FILE. The default configuration
+# is at ossec.conf. More information at:
+# http://www.ossec.net/en/manual.html
+#
+# This file should be handled with care. It contain
+# run time modifications that can affect the use
+# of ossec. Only change it if you know what you
+# are doing. Again, look first at ossec.conf
+# for most of the things you want to change.
+
+
+# Analysisd default rule timeframe.
+analysisd.default_timeframe=360
+# Analysisd stats maximum diff.
+analysisd.stats_maxdiff=999000
+# Analysisd stats minimum diff.
+analysisd.stats_mindiff=1250
+# Analysisd stats percentage (how much to differ from average)
+analysisd.stats_percent_diff=150
+# Analysisd FTS list size.
+analysisd.fts_list_size=32
+# Analysisd FTS minimum string size.
+analysisd.fts_min_size_for_str=14
+# Analysisd Enable the firewall log (at logs/firewall/firewall.log)
+# 1 to enable, 0 to disable.
+analysisd.log_fw=1
+# Maximum number of fields in a decoder (order tag)
+analysisd.decoder_order_size=10
+
+
+# Output GeoIP data at JSON alerts
+analysisd.geoip_jsonout=0
+
+# Logcollector file loop timeout (check every 2 seconds for file changes)
+logcollector.loop_timeout=2
+
+# Logcollector number of attempts to open a log file.
+logcollector.open_attempts=8
+
+# Logcollector - If it should accept remote commands from the manager
+logcollector.remote_commands=0
+
+
+
+# Remoted counter io flush.
+remoted.recv_counter_flush=128
+
+# Remoted compression averages printout.
+remoted.comp_average_printout=19999
+
+# Verify msg id (set to 0 to disable it)
+remoted.verify_msg_id=1
+
+# Don't exit when client.keys empty
+remoted.pass_empty_keyfile=0
+
+# Maild strict checking (0=disabled, 1=enabled)
+maild.strict_checking=1
+
+# Maild grouping (0=disabled, 1=enabled)
+# Groups alerts within the same e-mail.
+maild.groupping=1
+
+# Maild full subject (0=disabled, 1=enabled)
+maild.full_subject=0
+
+# Maild display GeoIP data (0=disabled, 1=enabled)
+maild.geoip=1
+
+
+# Monitord day_wait. Amount of seconds to wait before compressing/signing
+# the files.
+monitord.day_wait=10
+
+# Monitord compress. (0=do not compress, 1=compress)
+monitord.compress=1
+
+# Monitord sign. (0=do not sign, 1=sign)
+monitord.sign=1
+
+# Monitord monitor_agents. (0=do not monitor, 1=monitor)
+monitord.monitor_agents=1
+
+# Monitord notify_time. Frequency of which the clients' availability needs
+# to be checked. (60-3600)
+monitord.notify_time=600
+
+# Syscheck checking/usage speed. To avoid large cpu/memory
+# usage, you can specify how much to sleep after generating
+# the checksum of X files. The default is to sleep 2 seconds
+# after reading 15 files.
+syscheck.sleep=2
+syscheck.sleep_after=15
+
+# Rootcheck checking/usage speed. Rootcheck will pause for this
+# duration after scanning a PID or port.
+rootcheck.sleep=2
+
+
+# Database - maximum number of reconnect attempts
+dbd.reconnect_attempts=10
+
+
+# Debug options.
+# Debug 0 -> no debug
+# Debug 1 -> first level of debug
+# Debug 2 -> full debugging
+
+# Windows debug (used by the windows agent)
+windows.debug=0
+
+# Syscheck (local, server and unix agent)
+syscheck.debug=0
+
+# Remoted (server debug)
+remoted.debug=0
+
+# Analysisd (server or local)
+analysisd.debug=0
+
+# Log collector (server, local or unix agent)
+logcollector.debug=0
+
+# Unix agentd
+agent.debug=0
+
+
+# EOF
projects / ossec-hids.git / blobdiff