Maxiumum Number of Agents Allowed
763 views
Skip to first unread message
PJG
Aug 18, 2011, 5:49:26 AM8/18/11
to ossec-list
Dear All,
We are planning on ramping up our OSSEC deployment.
There's a warning which is seen in the log files which states:
INFO: Maximum number of agents allowed: '256'.
Does anyone know if this is an actual limit, or simply recommended?
Also if it is breached, does this have any impact on the service?
If so, is there anyway to increase this amount?
Thanks
Pip
We are planning on ramping up our OSSEC deployment.
There's a warning which is seen in the log files which states:
INFO: Maximum number of agents allowed: '256'.
Does anyone know if this is an actual limit, or simply recommended?
Also if it is breached, does this have any impact on the service?
If so, is there anyway to increase this amount?
Thanks
Pip
dan (ddp)
Aug 18, 2011, 8:12:28 AM8/18/11
to ossec...@googlegroups.com
On Thu, Aug 18, 2011 at 5:49 AM, PJG <slt...@hotmail.co.uk> wrote:
> Dear All,
>
> We are planning on ramping up our OSSEC deployment.
>
> There's a warning which is seen in the log files which states:
>
> INFO: Maximum number of agents allowed: '256'.
>
> Does anyone know if this is an actual limit, or simply recommended?
>
> Dear All,
>
> We are planning on ramping up our OSSEC deployment.
>
> There's a warning which is seen in the log files which states:
>
> INFO: Maximum number of agents allowed: '256'.
>
> Does anyone know if this is an actual limit, or simply recommended?
>
It's a real limit. It's in the source.
http://www.ossec.net/doc/faq/unexpected.html#errors-when-dealing-with-multiple-agents
> Also if it is breached, does this have any impact on the service?
>
> If so, is there anyway to increase this amount?
>
http://www.ossec.net/doc/faq/unexpected.html#errors-when-dealing-with-multiple-agents
> Thanks
>
> Pip
Swartz, Patrick H
Aug 18, 2011, 8:52:14 AM8/18/11
to ossec-list
That is the default maximum, however it is modifiable by going into the
/src directory (of the install package) and running "make setmaxagents",
this will prompt you asking for a new maximum value.
You will then need to recompile to take advantage of the new value.
We currently use 4096 (with close to 2000 active agents) with no issues.
Patrick Swartz
-----------------------------------------
The information in this message may be proprietary and/or
confidential, and protected from disclosure. If the reader of this
message is not the intended recipient, or an employee or agent
responsible for delivering this message to the intended recipient,
you are hereby notified that any dissemination, distribution or
copying of this communication is strictly prohibited. If you have
received this communication in error, please notify First Data
immediately by replying to this message and deleting it from your
computer.
/src directory (of the install package) and running "make setmaxagents",
this will prompt you asking for a new maximum value.
You will then need to recompile to take advantage of the new value.
We currently use 4096 (with close to 2000 active agents) with no issues.
Patrick Swartz
The information in this message may be proprietary and/or
confidential, and protected from disclosure. If the reader of this
message is not the intended recipient, or an employee or agent
responsible for delivering this message to the intended recipient,
you are hereby notified that any dissemination, distribution or
copying of this communication is strictly prohibited. If you have
received this communication in error, please notify First Data
immediately by replying to this message and deleting it from your
computer.
PJG
Aug 19, 2011, 4:24:26 AM8/19/11
to ossec-list
Spot on. Thanks very much for the speedy response.
On Aug 18, 1:52 pm, "Swartz, Patrick H" <Patrick.Swa...@firstdata.com>
wrote:
> computer.- Hide quoted text -
>
> - Show quoted text -
On Aug 18, 1:52 pm, "Swartz, Patrick H" <Patrick.Swa...@firstdata.com>
wrote:
>
> - Show quoted text -
Michael Starks
Aug 20, 2011, 11:01:06 PM8/20/11
to ossec...@googlegroups.com
On 08/18/2011 07:52 AM, Swartz, Patrick H wrote:
> That is the default maximum, however it is modifiable by going into the
> /src directory (of the install package) and running "make setmaxagents",
> this will prompt you asking for a new maximum value.
> You will then need to recompile to take advantage of the new value.
> We currently use 4096 (with close to 2000 active agents) with no issues.
>
> Patrick Swartz
> That is the default maximum, however it is modifiable by going into the
> /src directory (of the install package) and running "make setmaxagents",
> this will prompt you asking for a new maximum value.
> You will then need to recompile to take advantage of the new value.
> We currently use 4096 (with close to 2000 active agents) with no issues.
>
> Patrick Swartz
I would also recommend some OS tuning with that many agents:
http://www.immutablesecurity.com/index.php/2010/10/20/2woo-tips-tricks/
jonathan...@gmail.com
Jan 20, 2017, 5:10:08 PM1/20/17
to ossec-list, ossec...@michaelstarks.com
Is there a way to set the max number of agents without recompiling the installer?
Kat
Jan 22, 2017, 4:18:20 PM1/22/17
to ossec-list
In case anyone is curious - with proper server sizing, I have run OSSEC Managers with 20-30,000 agents connected.
:-)
Kat
Victor Fernandez
Jan 23, 2017, 1:08:09 PM1/23/17
to ossec...@googlegroups.com
Hi Patrick,
unfortunately there is no way to do this, since the maximum agents parameter is used to create some static arrays into the code. This makes necessary to re-compile and install the binaries.
Best regards.
--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Victor M. Fernandez-Castro
IT Security Engineer
Wazuh Inc.
Reply all
Reply to author
Forward
0 new messages