Hi, are the alert logs on ossec, located in /var/ossec/alert/logs, used by EnergyLogServer or just by Wazuh?
Is it safe to delete them, or is there a way to configure the Wazuh manager to overwrite the logs?
Hi,
Wazuh integration is done by monitoring the alert logs. So it's the Wazuh service that leaves those logs, but ELS is monitoring them and adjusting them to our needs.
Rotation of these files can be configured either through crontab and Linux OS commands OR through Wazuh configuration, like here: https://documentation.wazuh.com/current/user-manual/manager/event-logging.html#log-compression-and-rotation
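
The crontab route mentioned in the reply above, sketched as an added example (not code from this thread, from Wazuh or from Energy Logserver). It assumes the default Wazuh layout, where the manager writes the live `alerts.log` / `alerts.json` and stores rotated copies in dated subdirectories as `ossec-alerts-*`; the function name, script path and 30-day retention are hypothetical.

```shell
#!/bin/sh
# Added example: delete only rotated Wazuh alert files older than a retention
# period. The live alerts.log / alerts.json that the manager writes and that
# the log collector tails are never matched, so monitoring is not interrupted.

prune_alerts() {
    dir=$1         # alert directory (assumed default: /var/ossec/logs/alerts)
    keep_days=$2   # retention in whole days

    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    case $keep_days in
        ''|*[!0-9]*) echo "retention must be a number: $keep_days" >&2; return 1 ;;
    esac

    # Rotated files are named ossec-alerts-DD.{log,json}[.gz|.sum] (assumed
    # naming). Each path is printed only after it has been removed, so the
    # output doubles as an audit trail of what was deleted.
    find "$dir" -type f -name 'ossec-alerts-*' -mtime +"$keep_days" \
        -exec rm -f {} \; -print
}

# Hypothetical root crontab entry, assuming this file is saved as
# /usr/local/sbin/prune_wazuh_alerts.sh:
#   30 3 * * * . /usr/local/sbin/prune_wazuh_alerts.sh && prune_alerts /var/ossec/logs/alerts 30
```

Check that the retention period still covers whatever the log collector has not yet shipped before scheduling it.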