Hi Ed, The log analysis part of OSSEC is very lightweight, so it should support a good load of logs well. A while back I did some tests with an old box and it was able to handle more than 600 events per second on an PIII system:
http://www.ossec.net/dcid/?p=69 So, depending on the number of events per second, you can even use an old spare box as the ossec manager. Thanks, -- Daniel B. Cid dcid ( at ) ossec.net On Thu, Mar 12, 2009 at 12:30 PM, Edmund Cuison <[email protected]> wrote: > Hello, > > My only question is how well does OSSEC handle the load from the logs? > My company has tested other logging analysis engines and the machine was > just buried. > > Thanks, > > -Ed > > ________________________________ > Hotmail® is up to 70% faster. Now good news travels really fast. Find out > more.
