The following two scripts are so talkative as to be pretty much useless:



On my install, the av_system_cache updated every *3* minutes, with an associated email in the mailbox.  update_cache runs every hour.

This is waaaay overkill.  The default should be 1 in 24 hours at the most frequent, IMO.  OSSIM is meant to be used via a web console, so you're not really going to be logged into the shell anyway.  Logging in ever few days to be greeted by 100s of emails isn't productive. 

Just a thought.  :)

  • I think I saw this in OSSIM 4. It's the email with a summary of the system configuration? (Sorry, my OSSIM 4 VM is turned off at the moment, so I'm going by memory.)
  • great feedback - i'll make sure it ends up in the right hands
  • edited July 2012
    Okay, yes, that's the one I'm seeing.

    For those wondering where to look, the place to modify this is /etc/cron.d/av_system_cache

    E.g. change the start of each line from

    */3 * * * *


    0 1 * * *

    Which will change the job from "every three minutes" to "1 AM every day".

    I don't know if the modification will survive updates.
  • They probably wont, this scripts are used to cache all the information displayed in alienvault center, so that when the user goes to the web interface we dont have to query 100 sensors simultaneously to get that information. In the future we will also use this information to generate alerts and metrics based on the status of the alienvault components so it is not a good idea to modify this. 

    On the other hand you are right that process should not send an email to the local user, we will log this information in a log file instead in future versions.

  • Thanks Juan!

