On 09/21/2010 02:10 PM, Christopher Moraes wrote:
> Hi Aamir,
> Thanks for your reply. I went through the link you sent. Currently I
> am only testing the performance of the log analysis components. (We
> intend to use only log-analysis and leave out the file integrity
> checking and rootkit detection.)
The short answer is that ossec-analysisd is not the bottleneck. Disk I/O
and kernel parameters will slow things down first. Specifically, I
recall UDP buffers having an effect. Seems like a good topic for Week of
OSSEC. I know Daniel in particular has done extensive testing in this
area. From what I recall, I think you can reasonably expect around 1,000
eps on a well-tuned system.
--
Michael Starks
[I] Immutable Security
http://www.immutablesecurity.com
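The reply above points at kernel UDP buffers rather than ossec-analysisd as the first thing that limits log-analysis throughput. The script below is an added example (not from this thread or from the OSSEC project) showing how to tell whether the kernel is already discarding syslog datagrams before the OSSEC receiver ever sees them: it parses the `Udp:` counters from `/proc/net/snmp`, compares two snapshots, and reports the `RcvbufErrors` growth alongside the `net.core.rmem_*` limits. The two snapshots `SAMPLE_BEFORE` and `SAMPLE_AFTER` are constructed sample data, and the `--live` mode simply assumes a Linux host with a readable `/proc`.

```shell
#!/bin/sh
# Added example: detect kernel-side UDP receive-buffer drops during a log load test.
# Not OSSEC code; it only reads standard Linux /proc counters.

# Constructed snapshots of /proc/net/snmp (only the Udp lines matter here).
# Real files carry many more lines (Ip:, Icmp:, Tcp:, ...); extra lines are ignored.
SAMPLE_BEFORE='Ip: Forwarding DefaultTTL InReceives
Ip: 1 64 9999999
Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti
Udp: 1234567 12 4321 99999 309 0 0 0'

SAMPLE_AFTER='Ip: Forwarding DefaultTTL InReceives
Ip: 1 64 10199999
Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti
Udp: 1334567 12 8321 100999 4309 0 0 0'

# udp_counter NAME TEXT: print the value of one Udp counter from snmp-formatted TEXT.
# The first "Udp:" line is the header (column names), the second holds the values.
udp_counter() {
    name=$1
    shift
    printf '%s\n' "$1" | awk -v want="$name" '
        /^Udp:/ && !header_seen {
            for (i = 2; i <= NF; i++) if ($i == want) col = i
            header_seen = 1
            next
        }
        /^Udp:/ && header_seen { if (col) print $col; exit }'
}

# udp_delta NAME BEFORE AFTER: how much counter NAME grew between two snapshots.
udp_delta() {
    before_val=$(udp_counter "$1" "$2")
    after_val=$(udp_counter "$1" "$3")
    echo $((after_val - before_val))
}

# udp_verdict BEFORE AFTER: "dropping" if the socket receive buffer overflowed in the
# window (RcvbufErrors grew), otherwise "ok". Drops here never reach the receiver,
# so no amount of tuning inside OSSEC can recover those events.
udp_verdict() {
    if [ "$(udp_delta RcvbufErrors "$1" "$2")" -gt 0 ]; then
        echo dropping
    else
        echo ok
    fi
}

# Live mode: snapshot, wait while the load generator runs, snapshot again, report.
# Run as:  sh udp_drops.sh --live     (optionally WINDOW=30 for a longer window)
if [ "$1" = "--live" ] && [ -r /proc/net/snmp ]; then
    snap1=$(cat /proc/net/snmp)
    sleep "${WINDOW:-10}"
    snap2=$(cat /proc/net/snmp)
    echo "UDP datagrams received in window: $(udp_delta InDatagrams "$snap1" "$snap2")"
    echo "receive-buffer drops in window:   $(udp_delta RcvbufErrors "$snap1" "$snap2")"
    echo "verdict: $(udp_verdict "$snap1" "$snap2")"
    # The per-socket buffer an unprivileged receiver gets by default, and the ceiling
    # SO_RCVBUF may be raised to; both are the usual first knobs when drops appear.
    echo "net.core.rmem_default=$(cat /proc/sys/net/core/rmem_default)"
    echo "net.core.rmem_max=$(cat /proc/sys/net/core/rmem_max)"
fi
```

If the verdict is "dropping" while the load generator runs, raise `net.core.rmem_max` and `net.core.rmem_default` with `sysctl -w` (persist them in `/etc/sysctl.conf`), restart the receiver so it picks up the new default, and repeat the measurement; only once the kernel stops discarding datagrams does a measured events-per-second figure say anything about ossec-analysisd itself.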