The following link outlines the various options: http://www.ossec.net/main/manual/configuration-options/
If the stats you're looking to have updated are the ones in /var/ossec/stats, there aren't really any configuration options for those.

On Tue, Sep 21, 2010 at 3:10 PM, Christopher Moraes <[email protected]> wrote:
> Hi Aamir,
> Thanks for your reply. I went through the link you sent. Currently I am
> only testing the performance of the log analysis components. (We intend to
> use only log-analysis and leave out the file integrity checking and rootkit
> detection.)
> You mentioned that this can be set up in the ossec.conf file. Do you have a
> link that explains the various configuration options in ossec.conf or would
> you happen to know what the syntax of the configuration should be? My
> existing file is very sparse - it just lists the rules xml and the list of
> log files to be monitored.
> Thanks.
>
> On Tue, Sep 21, 2010 at 1:03 PM, Aamir Niazi <[email protected]> wrote:
>>
>> You can check this link
>>
>> http://www.ossec.net/main/manual/manual-syscheck/realtime-file-integrity-monitoring/
>>
>> You can also set the frequency in ossec.conf to whatever you like. Hope
>> this helps.
>>
>> Typos, courtesy of the wireless device.
>>
>> ________________________________
>> From: Christopher Moraes <[email protected]>
>> Sender: [email protected]
>> Date: Tue, 21 Sep 2010 12:17:52 -0400
>> To: <[email protected]>
>> ReplyTo: [email protected]
>> Subject: [ossec-list] Performance testing of OSSEC
>>
>> Hello everyone,
>> I have just joined the ossec-list. I am evaluating (performance testing)
>> OSSEC for my organization to see whether OSSEC can handle a volume of
>> 2500-3000 events per second.
>> I have created the following test setup -
>> - Dual Core Linux server with 4 GB RAM
>> - OSSEC is installed on this server (local mode) and is configured to
>> monitor 4 log files, which I am filling using a script.
>> I ran the test yesterday and OSSEC updated the stats folder only at eod.
>> Is there any way to get OSSEC to report on the stats either
>> i. in real time?
>> ii. at least every hour?
>> Thanks and regards,
>> Chris
