On 8/12/06, Meir Michanie <[EMAIL PROTECTED]> wrote:
I know about this issue and we are studying how to improve efficiency of traffic between agents and server. Thank you for your email.

On 8/10/06, Charles Kefauver <[EMAIL PROTECTED]> wrote:
Monitoring "small" logs like the /var/log/messages or the
/var/log/secure logs is fine.
But I have set up as an agent a very heavily used web server, and when
I added the apache logs to my ossec.conf file on the web server I
immediately noticed the bandwidth usage go up!
The log collector on the agent is sending every single apache log
line (both access and error) to the ossec server.
What I think would be nice is to have the agent only send log lines
that match a rule. This would save a lot on bandwidth....
Maybe an idea for a future version... I guess that there would be two
ways to implement this:
1) Have the "agent" periodically request the full rule set from the
"server", or
2) Be able to override rules on the "agent", in my case I would only
have a modified apache_rules.xml file on the agent machine.
In the meantime I have turned off monitoring of the access_log
and now only monitor the error_log.
Regards,
Charles
____________________________________________________
Institut Balear de Comunicacions, S.L.
Gremio Tejedores 22, 1
07009 Palma de Mallorca, Spain
Tel: +34 971.45.90.99 | Mobile: +34 607.87.12.77
Fax: +34 971.43.08.18 | E-mail: [EMAIL PROTECTED]
URL: http://www.ibacom.es/
____________________________________________________
