Hi Everyone,

Here are the results from Day 2 of my Performance test -

1. Generated 11,000 EPS in the log files being monitored.
2. OSSEC scaled beautifully to process at exactly the same rate - 11,000 EPS.
3. CPU utilization increased to 50% (avg) for analysisd and 20% (avg) for log-collector
4. Memory utilization is steady at 1-2%

Test Setup -

- The hardware (VM) remains same as mentioned below.
- Load is generated across 4 log files - messages (linux syslog), maillog, apache access log and apache error log
- Alert severity is set to 1
- While testing with 11,000 EPS the log files were approx 6-8 GB in size. I have not seen any degradation in performance with increase in the size of the log file being monitored.
- CPU utilization is reported as % of total CPU time (in this case % of combined 2 core CPU setup)

I will tabulate the results from all the test runs and will share with the group.

Dan, I will try to test client/server mode either tomorrow or Mon.

> > Here are some results of another performance test round -
> >
> > 1. Generated 6000 EPS in the log files
> > 2. OSSEC processed at the same rate i.e. 6000 EPS
> > 3. CPU utilization increased to 30% (avg) for analysisd and 10% (avg) for log-collector
> > 4. Memory utilization is steady at 1%
> >
> > Test Server:
> > RHEL VM setup with dual CPU and 4 GB RAM.
> > OSSEC has been installed in "Local" mode
> >
> > OSSEC seems to be vertically scaling quite well - with an increase in load it is consuming more server resources.
> >
> > I am now testing with around 10,000 EPS and will publish the results.
