There are two options to increase the scanning frequency. For syscheck (integrity checking), just edit the option "frequency" under syscheck to be lower. The default is 7200, so it will scan the file system every two hours.
<syscheck> <!-- Frequency that syscheck is executed - default every 2 hours --> <frequency>7200</frequency> .. </syscheck> The second option is to increase the polling time for logcollector. By default it checks for new messages every two seconds. To change that, go to /var/ossec/etc/internal_options.conf and change logcollector.loop_timeout=2 To whatever value to you want. Hope it helps .. -- Daniel B. Cid dcid ( at ) ossec.net On 7/31/06, Oyesanya, Femi <[EMAIL PROTECTED]> wrote:
Scan faster. An standard recommendation for performance tune the agent -----Original Message----- From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Cid Sent: Monday, July 31, 2006 9:23 AM To: [email protected] Subject: [ossec-list] Re: Agent run slow on windows What do you mean by improving performance? You mean scan the file system faster (with syscheck) or poll the logs more frequently? Or is the problem somewhere else? Thanks, -- Daniel B. Cid dcid ( at ) ossec.net On 7/31/06, Oyesanya, Femi <[EMAIL PROTECTED]> wrote: > > Any ideas on how to improve performance on the Windows agent ? > > -----Original Message----- > From: [email protected] [mailto:[EMAIL PROTECTED] > On Behalf Of Joe Barr > Sent: Monday, July 31, 2006 11:52 AM > To: [email protected] > Subject: [ossec-list] Re: ZK Rootkit > > > On Mon, 2006-07-31 at 11:54 +0300, Meir Michanie wrote: > > can you give us the output of > > rpm -qf /etc/sysconfig/console/load.zk > > then run > > rpm -qV <packetname> > > > [EMAIL PROTECTED]:~> rpm -qf /etc/sysconfig/console/load.zk > error: file /etc/sysconfig/console/load.zk: Not a directory > > > > > >
