[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] Re: Agent run slow on windows

To: ossec-list@xxxxxxxxxxxxxxxx
Subject: [ossec-list] Re: Agent run slow on windows
From: "Daniel Cid" <daniel.cid@xxxxxxxxx>
Date: Tue, 1 Aug 2006 22:22:04 -0300
Content-disposition: inline
Content-transfer-encoding: 7bit


There are two options to increase the scanning frequency. For syscheck
(integrity
checking), just edit the option "frequency" under syscheck to be
lower. The default
is 7200, so it will scan the file system every two hours.

 <syscheck>
   <!-- Frequency that syscheck is executed - default every 2 hours -->
   <frequency>7200</frequency>
   ..
 </syscheck>


The second option is to increase the polling time for logcollector. By
default it
checks for new messages every two seconds. To change that, go to
/var/ossec/etc/internal_options.conf and change

logcollector.loop_timeout=2

To whatever value to you want.

Hope it helps ..

--
Daniel B. Cid
dcid ( at ) ossec.net

On 7/31/06, Oyesanya, Femi <foyesanya@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:


Scan faster.  An standard recommendation for performance tune the agent

-----Original Message-----
From: ossec-list@xxxxxxxxxxxxxxxx [mailto:ossec-list@xxxxxxxxxxxxxxxx]
On Behalf Of Daniel Cid
Sent: Monday, July 31, 2006 9:23 AM
To: ossec-list@xxxxxxxxxxxxxxxx
Subject: [ossec-list] Re: Agent run slow on windows


What do you mean by improving performance? You mean scan the
file system faster (with syscheck) or poll the logs more frequently?
Or is the problem somewhere else?

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net

On 7/31/06, Oyesanya, Femi <foyesanya@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
> Any ideas on how to improve performance on the Windows agent ?
>
> -----Original Message-----
> From: ossec-list@xxxxxxxxxxxxxxxx [mailto:ossec-list@xxxxxxxxxxxxxxxx]
> On Behalf Of Joe Barr
> Sent: Monday, July 31, 2006 11:52 AM
> To: ossec-list@xxxxxxxxxxxxxxxx
> Subject: [ossec-list] Re: ZK Rootkit
>
>
> On Mon, 2006-07-31 at 11:54 +0300, Meir Michanie wrote:
> > can you give us the output of
> > rpm -qf /etc/sysconfig/console/load.zk
> > then run
> > rpm -qV <packetname>
>
>
> warthawg@testbox:~> rpm -qf /etc/sysconfig/console/load.zk
> error: file /etc/sysconfig/console/load.zk: Not a directory
>
>
>
>
>
>

References:
- [ossec-list] Re: Agent run slow on windows
  - From: Oyesanya, Femi

Prev by Date: [ossec-list] Re: ZK Rootkit
Previous by thread: [ossec-list] Re: Agent run slow on windows
Next by thread: [ossec-list] Agent run slow on windows
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.