Hi Jon,
OSSEC connects through the UDP protocol, which doesn't guarantee that messages
arrive in the same order they were delivered.
In order to prevent replay attacks, OSSEC verifies the counter from every
message. I think there is a network issue, perhaps congestion, so messages
arrive
Hey there! I think it's actually due to the *remoted.verify_msg_id* option
in internal_options.conf.
Once I turned this off, messages were coming in out of order, but all
messages were getting received!
On Tuesday, October 4, 2016 at 5:15:25 AM UTC-4, Pedro S wrote:
>
> Hi Jon,
>
> This is an
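
As an added illustration (not part of the original thread and not OSSEC source code), this simplified model shows why a strictly increasing counter check drops reordered UDP datagrams, and what turning the check off gives up: replayed datagrams are accepted as well. The datagram tuples and function names are constructed; the sliding-window variant is a general anti-replay technique included for comparison, not an OSSEC option.

```python
# Simplified model of a per-agent message counter check.
# Assumption: the receiver accepts a message only if its counter is
# higher than the last one accepted. Each datagram is (counter, payload).

# Constructed traffic: counter 3 arrives after 4 (UDP reordering),
# and counter 2 is replayed at the end.
TRAFFIC = [(1, "a"), (2, "b"), (4, "d"), (3, "c"), (5, "e"), (2, "b-replay")]


def strict_check(datagrams):
    """Counter verification on: anything not above the last counter is dropped."""
    last, accepted, dropped = 0, [], []
    for ctr, payload in datagrams:
        if ctr > last:
            last = ctr
            accepted.append(payload)
        else:
            dropped.append(payload)  # late *or* replayed: indistinguishable
    return accepted, dropped


def no_check(datagrams):
    """Counter verification off: everything is accepted, replays included."""
    return [payload for _, payload in datagrams], []


def window_check(datagrams, window=8):
    """Sliding-window anti-replay: tolerate reordering, reject duplicates."""
    highest, seen, accepted, dropped = 0, set(), [], []
    for ctr, payload in datagrams:
        if ctr <= highest - window or ctr in seen:
            dropped.append(payload)  # too old to judge, or already seen
            continue
        seen.add(ctr)
        highest = max(highest, ctr)
        # Forget counters that have fallen out of the window.
        seen = {c for c in seen if c > highest - window}
        accepted.append(payload)
    return accepted, dropped


if __name__ == "__main__":
    for check in (strict_check, no_check, window_check):
        accepted, dropped = check(TRAFFIC)
        print(f"{check.__name__:13} accepted={accepted} dropped={dropped}")
```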
Hi Jon,
This is an interesting test; I think we can get a lot of useful information
from here.
In my experience, the bottleneck is probably in the remoted socket/buffer or in the
logcollector speed performance when reading each log line.
For Remoted, try to enable debug mode at the agent,