With tcpdump, I do see traffic getting to the server. Since the syscheck is 
only enabled every 22 hours, I was wondering what the other traffic is!

How can I verify if log monitoring has been turned off? 

Thank you! 



On Thursday, April 27, 2017 at 5:42:34 PM UTC-4, dan (ddpbsd) wrote:
>
> On Wed, Apr 26, 2017 at 9:51 PM, Nikki Sridhar <nikkisr...@gmail.com> wrote: 
> > There shouldn't be! Only system integrity configuration is enabled and 
> > that runs every 20 hours. Real time system integrity check is enabled for 
> > 3 directories. 
> > 
>
> Turn on the log all option on the server and see what appears in 
> archives.log. 
> That will give you an idea of how much each system is sending to the 
> server. 
>
> Even using tcpdump to see if there is a lot of traffic passing between 
> one agent and the server might give you some ideas. Like if an agent 
> has its log monitoring turned on, even though the server doesn't do 
> anything with the logs. 
>
> > I was wondering if clearing out the syscheck DB would help? 
> > 
>
> I don't think so, but you can try it. 
>
> > Thank you! 
> > 
> >> On Apr 26, 2017, at 3:02 PM, dan (ddp) <ddp...@gmail.com> wrote: 
> >> 
> >>> On Wed, Apr 26, 2017 at 9:59 AM, Nikki S <nikkisr...@gmail.com> wrote: 
> >>> We have about 480 agents reporting to the OSSEC server. The remoted server is 
> >>> running constantly at 100% CPU utilization. Any suggestions on how to 
> >>> remediate this please? 
> >>> 
> >> 
> >> Is there a lot of traffic between the agents and the server? 
> >> 
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
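
The archives.log check suggested in the thread can be tallied per agent and per source, which also shows whether an agent is still sending monitored log files alongside syscheck data. This is an added example, not part of the original messages or of OSSEC itself; the archives.log line layout, the `syscheck`/`rootcheck` source names and all sample lines are assumptions.

```python
import re
import sys
from collections import Counter

# Assumed archives.log layout for agent events (not shown in the thread):
#   YYYY Mon DD HH:MM:SS (agent-name) agent-ip->source original message
LINE_RE = re.compile(
    r"^\d{4} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} "
    r"\((?P<agent>[^)]+)\) \S+?->(?P<source>\S+)"
)
INTEGRITY = {"syscheck", "rootcheck"}  # assumed integrity-module source names

# Constructed sample lines, not taken from a real server.
SAMPLE = """\
2017 Apr 27 17:40:01 (web01) 10.0.0.11->/var/log/messages Apr 27 17:40:01 web01 CRON[811]: session opened
2017 Apr 27 17:40:02 (web01) 10.0.0.11->/var/log/messages Apr 27 17:40:02 web01 CRON[811]: session closed
2017 Apr 27 17:40:03 (web01) 10.0.0.11->syscheck Integrity checksum changed for: '/etc/hosts'
2017 Apr 27 17:40:04 (db02) 10.0.0.12->syscheck Integrity checksum changed for: '/etc/passwd'
2017 Apr 27 17:40:05 (db02) 10.0.0.12->syscheck Integrity checksum changed for: '/etc/group'
2017 Apr 27 17:40:06 ossec-server->/var/log/auth.log Apr 27 17:40:06 ossec-server sshd[99]: Accepted publickey
"""

def tally(lines):
    """Count events per (agent, source); server-local lines are skipped."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            counts[(m["agent"], m["source"])] += 1
    return counts

def per_agent_totals(counts):
    """Agents ordered by total events sent, busiest first."""
    totals = Counter()
    for (agent, _source), n in counts.items():
        totals[agent] += n
    return totals.most_common()

def non_integrity_sources(counts):
    """Agents still sending something other than syscheck/rootcheck data."""
    out = {}
    for (agent, source), n in counts.items():
        if source not in INTEGRITY:
            out.setdefault(agent, {})[source] = n
    return out

if __name__ == "__main__":
    src = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE.splitlines()
    counts = tally(src)
    print(per_agent_totals(counts), non_integrity_sources(counts), sep="\n")
```

Run it with the path to archives.log as the only argument; an agent listed by `non_integrity_sources` is still forwarding something besides integrity data.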
