1 # internal_options.conf, Daniel B. Cid (dcid @ ossec.net).
3 # DO NOT TOUCH THIS FILE. The default configuration
4 # is at ossec.conf. More information at:
5 # http://www.ossec.net/en/manual.html
7 # This file should be handled with care. It contain
8 # run time modifications that can affect the use
9 # of ossec. Only change it if you know what you
10 # are doing. Again, look first at ossec.conf
11 # for most of the things you want to change.
14 # Analysisd default rule timeframe.
15 analysisd.default_timeframe=360
16 # Analysisd stats maximum diff.
17 analysisd.stats_maxdiff=25000
18 # Analysisd stats minimum diff.
19 analysisd.stats_mindiff=250
20 # Analysisd stats percentage (how much to differ from average)
21 analysisd.stats_percent_diff=30
22 # Analysisd FTS list size.
23 analysisd.fts_list_size=32
24 # Analysisd FTS minimum string size.
25 analysisd.fts_min_size_for_str=14
26 # Analysisd Enable the firewall log (at logs/firewall/firewall.log)
27 # 1 to enable, 0 to disable.
31 # Logcollector file loop timeout (check every 2 seconds for file changes)
32 logcollector.loop_timeout=2
34 # Logcollector number of attempts to open a log file.
35 logcollector.open_attempts=8
38 # Remoted counter io flush.
39 remoted.recv_counter_flush=128
41 # Remoted compression averages printout.
42 remoted.comp_average_printout=19999
44 # Verify msg id (set to 0 to disable it)
45 remoted.verify_msg_id=1
48 # Maild strict checking (0=disabled, 1=enabled)
49 maild.strict_checking=1
51 # Maild grouping (0=disabled, 1=enabled)
52 # Groups alerts within the same e-mail.
55 # Maild full subject (0=disabled, 1=enabled)
59 # Monitord day_wait. Ammount of seconds to wait before compressing/signing
63 # Monitord compress. (0=do not compress, 1=compress)
66 # Monitord sign. (0=do not sign, 1=sign)
69 # Monitord monitor_agents. (0=do not monitor, 1=monitor)
70 monitord.monitor_agents=1
73 # Syscheck checking/usage speed. To avoid large cpu/memory
74 # usage, you can specify how much to sleep after generating
75 # the checksum of X files. The default is to sleep 2 seconds
76 # after reading 15 files.
78 syscheck.sleep_after=15
81 # Database - maximum number of reconnect attempts
82 dbd.reconnect_attempts=10
87 # Debug 1 -> first level of debug
88 # Debug 2 -> full debugging
90 # Windows debug (used by the windows agent)
93 # Syscheck (local, server and unix agent)
96 # Remoted (server debug)
99 # Analysisd (server or local)
102 # Log collector (server, local or unix agent)