OSSEC Agent EPS

[Abdulvehhab Agin]

Hello,

Is there a way to measure OSSEC agent EPS count; not alarm?

And Please let me know us of system resources.

Thanks

[Santiago Bassett]

Try using this script:

https://github.com/ossec/ossec-hids/blob/master/contrib/ossec-eps.sh

Another option is to enable logall option and count events in archive.log (you can count all events in a day and then do the math).

Regarding resources it depends on how much data OSSEC manager/agents will be processing. There is no official benchmarks so I would recommend to run it in a pre-production environment first.

I hope it helps

--

---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Abdulvehhab Agin]

I will try to mesause by using ossec-eps.sh; but i see it is not for spesific agent; it is global average for all agents. am i right?

I think "logall option" must be configurable in server; it storage events in server, i think server will be down :( It has 100 agent.

When we start ossec service (windows) after 7-10 days; ossec use %7 CPU (i5 machine); and we see 6gb ram usage for svchost.exe. Is it normal?

    When we stop ossec server, after 7-10 days; there is no ram issues

--

---
You received this message because you are subscribed to a topic in the Google Groups "ossec-list" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ossec-list/E4gFpT2YF1A/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ossec-list+...@googlegroups.com.

[Abdulvehhab Agin]

I have about 700 000 000/per day that is amazing

Thanks Santiago

11 Mayıs 2016 Çarşamba 23:49:55 UTC+3 tarihinde Abdulvehhab Agin yazdı:

I will try to mesause by using ossec-eps.sh; but i see it is not for spesific agent; it is global average for all agents. am i right?

I think "logall option" must be configurable in server; it storage events in server, i think server will be down :( It has 100 agent.

When we start ossec service (windows) after 7-10 days; ossec use %7 CPU (i5 machine); and we see 6gb ram usage for svchost.exe. Is it normal?

    When we stop ossec server, after 7-10 days; there is no ram issues

2016-05-11 23:25 GMT+03:00 Santiago Bassett <santiago...@gmail.com>:

Try using this script:

https://github.com/ossec/ossec-hids/blob/master/contrib/ossec-eps.sh

Another option is to enable logall option and count events in archive.log (you can count all events in a day and then do the math).

Regarding resources it depends on how much data OSSEC manager/agents will be processing. There is no official benchmarks so I would recommend to run it in a pre-production environment first.

I hope it helps

On Wed, May 11, 2016 at 12:57 PM, Abdulvehhab Agin <> wrote:

Hello,

Is there a way to measure OSSEC agent EPS count; not alarm?

And Please let me know us of system resources.

Thanks

--

---
You received this message because you are subscribed to the Google Groups "ossec-list" group.

To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscribe@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

---
You received this message because you are subscribed to a topic in the Google Groups "ossec-list" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ossec-list/E4gFpT2YF1A/unsubscribe.

To unsubscribe from this group and all its topics, send an email to ossec-list+unsubscribe@googlegroups.com.