1 # internal_options.conf, Daniel B. Cid (dcid @ ossec.net).
3 # DO NOT TOUCH THIS FILE. The default configuration
4 # is at ossec.conf. More information at:
5 # http://www.ossec.net/en/manual.html
7 # This file should be handled with care. It contains
8 # run-time modifications that can affect the use
9 # of ossec. Only change it if you know what you
10 # are doing. Again, look first at ossec.conf
11 # for most of the things you want to change.
# Analysisd tuning. Every setting in this listing is a "daemon.option=value"
# pair with an integer value.
14 # Analysisd default rule timeframe.
# presumably seconds — confirm against the rule documentation.
15 analysisd.default_timeframe=360
16 # Analysisd stats maximum diff.
17 analysisd.stats_maxdiff=999000
18 # Analysisd stats minimum diff.
19 analysisd.stats_mindiff=1250
20 # Analysisd stats percentage (how much to differ from average)
21 analysisd.stats_percent_diff=150
22 # Analysisd FTS list size.
23 analysisd.fts_list_size=32
24 # Analysisd FTS minimum string size.
25 analysisd.fts_min_size_for_str=14
26 # Analysisd Enable the firewall log (at logs/firewall/firewall.log)
27 # 1 to enable, 0 to disable.
# NOTE(review): the setting line for the firewall-log toggle is not present
# in this listing (the numbering jumps from 27 to 29); read its value from
# the installed file.
29 # Maximum number of fields in a decoder (order tag)
30 analysisd.decoder_order_size=10
33 # Output GeoIP data at JSON alerts
# Set to 0 here; presumably 0=disabled, 1=enabled like the other toggles
# in this file — confirm.
34 analysisd.geoip_jsonout=0
# Logcollector settings: file polling, open retries, and the remote-command
# toggle.
36 # Logcollector file loop timeout (check every 2 seconds for file changes)
37 logcollector.loop_timeout=2
39 # Logcollector number of attempts to open a log file.
40 logcollector.open_attempts=8
42 # Logcollector - If it should accept remote commands from the manager
# Security: 0 means this host does not accept remote commands from the
# manager. Setting it to 1 extends command execution on this host to whoever
# controls the manager's configuration, so keep it at 0 unless that trust is
# intended, and treat any change of this value as worth alerting on.
43 logcollector.remote_commands=0
# Remoted settings: counter flushing, compression statistics, message-id
# verification and behaviour on an empty client.keys.
47 # Remoted counter io flush.
48 remoted.recv_counter_flush=128
50 # Remoted compression averages printout.
51 remoted.comp_average_printout=19999
53 # Verify msg id (set to 0 to disable it)
# Security: enabled (1) here. NOTE(review): this check presumably rejects
# duplicated or replayed agent messages — confirm before setting it to 0 as
# a workaround for counter errors, since that would remove the check for
# every agent.
54 remoted.verify_msg_id=1
56 # Don't exit when client.keys empty
# Set to 0 here, so the "don't exit" behaviour is off; presumably remoted
# stops when client.keys has no entries — confirm.
57 remoted.pass_empty_keyfile=0
# Maild settings. Only strict_checking has a value in this listing.
59 # Maild strict checking (0=disabled, 1=enabled)
60 maild.strict_checking=1
62 # Maild grouping (0=disabled, 1=enabled)
63 # Groups alerts within the same e-mail.
66 # Maild full subject (0=disabled, 1=enabled)
69 # Maild display GeoIP data (0=disabled, 1=enabled)
# NOTE(review): the setting lines for grouping, full subject and GeoIP
# display are not present in this listing (the numbering skips them); read
# their values from the installed file.
# Monitord settings: compression/signing housekeeping and agent availability
# monitoring.
73 # Monitord day_wait. Amount of seconds to wait before compressing/signing
77 # Monitord compress. (0=do not compress, 1=compress)
80 # Monitord sign. (0=do not sign, 1=sign)
# NOTE(review): the day_wait, compress and sign setting lines are not present
# in this listing. Signing bears on the integrity of whatever monitord
# compresses and signs, so check the sign value in the installed file.
83 # Monitord monitor_agents. (0=do not monitor, 1=monitor)
# Set to 1 here, so agent monitoring is on.
84 monitord.monitor_agents=1
86 # Monitord notify_time. Frequency of which the clients' availability needs
87 # to be checked. (60-3600)
# 600 is inside the 60-3600 range stated above; presumably seconds — confirm.
88 monitord.notify_time=600
# Scan throttling for syscheck and rootcheck, plus database reconnects.
90 # Syscheck checking/usage speed. To avoid large cpu/memory
91 # usage, you can specify how much to sleep after generating
92 # the checksum of X files. The default is to sleep 2 seconds
93 # after reading 15 files.
# NOTE(review): only the file-count half of this throttle is visible here
# (15 files); the setting that holds the 2-second sleep is not present in
# this listing (the numbering jumps from 93 to 95).
95 syscheck.sleep_after=15
97 # Rootcheck checking/usage speed. Rootcheck will pause for this
98 # duration after scanning a PID or port.
# NOTE(review): the rootcheck pause setting itself is not present in this
# listing; read its value from the installed file.
102 # Database - maximum number of reconnect attempts
103 dbd.reconnect_attempts=10
107 # Debug 0 -> no debug
108 # Debug 1 -> first level of debug
109 # Debug 2 -> full debugging
111 # Windows debug (used by the windows agent)
114 # Syscheck (local, server and unix agent)
117 # Remoted (server debug)
120 # Analysisd (server or local)
123 # Log collector (server, local or unix agent)