On Wed, Apr 26, 2017 at 9:51 PM, Nikki Sridhar <nikkisridha...@gmail.com> wrote: > There shouldn't be! Only system integrity configuration is enabled and that > runs every 20 hours . Real time system integrity check is enabled for 3 > directories. >
Turn on the log all option on the server and see what appears in archives.log. That will give you an idea of how much each system is sending to the server. Even using tcpdump to see if there is a lot of traffic passing between one agent and the server might give you some ideas. Like if an agent has its log monitoring turned on, even though the server doesn't do anything with the logs. > I was wondering if clearing out the syscheck DB would help? > I don't think so, but you can try it. > Thank you! > >> On Apr 26, 2017, at 3:02 PM, dan (ddp) <ddp...@gmail.com> wrote: >> >>> On Wed, Apr 26, 2017 at 9:59 AM, Nikki S <nikkisridha...@gmail.com> wrote: >>> We have about 480 agents reporting the OSSEC server. The remoted server is >>> running constantly at 100% CPU utilization. Any suggestions on how to >>> re-mediate this please? >>> >> >> Is there a lot of traffic between the agents and the server? >> >>> -- >>> >>> --- >>> You received this message because you are subscribed to the Google Groups >>> "ossec-list" group. >>> To unsubscribe from this group and stop receiving emails from it, send an >>> email to ossec-list+unsubscr...@googlegroups.com. >>> For more options, visit https://groups.google.com/d/optout. >> >> -- >> >> --- >> You received this message because you are subscribed to a topic in the >> Google Groups "ossec-list" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/ossec-list/6iUIQtsWLXY/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to >> ossec-list+unsubscr...@googlegroups.com. >> For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
