internal_options.conf: analysisd

  • analysisd.default_timeframe

    Analysisd default rule timeframe

    Default: 360

    Allowed: Any integer

  • analysisd.stats_maxdiff

    Default: 25000

    Allowed: Any integer

  • analysisd.stats_mindiff

    Default: 250

    Allowed: Any integer

  • analysisd.stats_percent_diff

    Default: 30

    Allowed: Any integer

  • analysisd.fts_list_size

    Default: 32

    Allowed: Any integer

  • analysisd.fts_min_size_for_str

    Default: 14

    Allowed: Any integer

  • analysisd.log_fw

    Default: 1

    Allowed: Any integer

  • analysisd.debug

    Default: 0

    Allowed: Any integer

internal_options.conf: agent

  • agent.debug

    Run the agent’s processes in debug mode.

    Default: 0

internal_options.conf: dbd

  • dbd.reconnect_attempts

    The number of times ossec-dbd will attempt to reconnect to the database.

    Default: 10

internal_options.conf: logcollector

  • logcollector.loop_timeout

    Default: 2

  • logcollector.open_attempts

    Default: 8

  • logcollector.remote_commands=0

    Allow the agents to run commands defined in agent.conf.

    Allowed: 0,1

    Default: 0

    Note

    This option first appeared in OSSEC 2.7.

internal_options.conf: maild

  • maild.strict_checking

    Default: 1

    Allowed: 0 or 1

  • maild.groupping

    If set to 1 alerts will be grouped together in one email. These alerts may be of different types or levels, and may be from different systems.

    Default: 1

    Allowed: 0 or 1

  • maild.full_subject

    If set to 1 maild will use a full subject when sending alert emails. If set to 0 the subject is shortened.

    Default: 0

    Allowed: 0 or 1

  • maild.geoip

    If set to 1 mails will display GeoIP data in alert emails.

    Default: 1

    Allowed: 0 or 1

internal_options.conf: monitord

  • monitord.day_wait

    Amount of time OSSEC will wait before compressing/signing log files.

    Default: 10

  • monitord.compress

    If set to 1 ossec-monitord will compress old log files.

    Default: 1

    Available: 0 or 1

  • monitord.sign

    If set to 1 ossec-monitord will sign old log files.

    Default: 1

  • monitord.monitor_agents

    Default: 1

internal_options.conf: remoted

  • remoted.recv_counter_flush

    Default: 128

  • remoted.comp_average_printout

    Default: 19999

  • remoted.verify_msg_id

    Default: 1

  • remoted.debug

    Default: 0

internal_options.conf: syscheck

  • syscheck.sleep

    ossec-syscheckd uses this setting to determine how long to sleep after reading syscheck.sleep_after number of files. By default ossec-syscheckd sleeps for 2 seconds after checking 15 files.

    Default: 2

  • syscheck.sleep_after

    ossec-syscheckd reads this many files before sleeping for syscheck.sleep seconds.

    Default: 15

internal_options.conf: windows

  • windows.debug

    Default: 0 Allowed: 0 or 1