Hi Aamir,

Thanks for your reply. I went through the link you sent. Currently I am only testing the performance of the log analysis components. (We intend to use only log-analysis and leave out the file integrity checking and rootkit detection.)

You mentioned that this can be set up in the ossec.conf file. Do you have a link that explains the various configuration options in ossec.conf or would you happen to know what the syntax of the configuration should be? My existing file is very sparse - it just lists the rules xml and the list of log files to be monitored.

Thanks.

On Tue, Sep 21, 2010 at 1:03 PM, Aamir Niazi <[email protected]> wrote:

> You can check this link
>
> http://www.ossec.net/main/manual/manual-syscheck/realtime-file-integrity-monitoring/
>
> You can also set the frequency in ossec.conf to whatever you like. Hope
> this helps.
>
> Typos, courtesy of the wireless device.
> ------------------------------
> *From: * Christopher Moraes <[email protected]>
> *Sender: * [email protected]
> *Date: *Tue, 21 Sep 2010 12:17:52 -0400
> *To: *<[email protected]>
> *ReplyTo: * [email protected]
> *Subject: *[ossec-list] Performance testing of OSSEC
>
> Hello everyone,
>
> I have just joined the ossec-list. I am evaluating (performance testing)
> OSSEC for my organization to see whether OSSEC can handle a volume of
> 2500-3000 events per second.
>
> I have created the following test setup -
> - Dual Core Linux server with 4 GB RAM
> - OSSEC is installed on this server (local mode) and is configured to
>   monitor 4 log files, which I am filling using a script.
>
> I ran the test yesterday and OSSEC updated the stats folder only at eod.
> Is there any way to get OSSEC to report on the stats either
> i. in real time?
> ii. at least every hour?
>
> Thanks and regards,
> Chris
