Thank you for this work and for sharing with the list/community. I would like to add your testing results and methods into ossec.net/doc/ (beta docs for up and coming release). If you give permission could you also send me any scripts/tools and method details to the list also to be included?
Thank you again, Jeremy Rossi Sent from my iPhone On Sep 23, 2010, at 11:01 AM, Christopher Moraes <[email protected]> wrote: > Hi Everyone, > > Here are the results from Day 2 of my Performance test - > > 1. Generated 11,000 EPS in the log files being monitored. > 2. OSSEC scaled beautifully to process at exactly the same rate - 11,000 > EPS. > 3. CPU utilization increased to 50% (avg) for analysisd and 20% (avg) for > log-collector > 4. Memory utilization is steady at 1-2% > > Test Setup - > - The hardware (VM) remains same as mentioned below. > - Load is generated across 4 log files - messages (linux syslog), maillog, > apache access log and apache error log > - Alert severity is set to 1 > - While testing with 11,000 EPS the log files were approx 6-8 GB in size. I > have not seen any degradation in performance with increase in the size of the > log file being monitored. > - CPU utilization is reported as % of total CPU time (in this case % of > combined 2 core CPU setup) > > I will tabulate the results from all the test runs and will share with the > group. > > Dan, I will try to test client/server mode either tomorrow or Mon. > > > > Here are some results of another performance test round - > > 1. Generated 6000 EPS in the log files > > 2. OSSEC processed at the same rate i.e. 6000 EPS > > 3. CPU utilization increased to 30% (avg) for analysisd and 10% (avg) for > > log-collector > > 4. Memory utilization is steady at 1% > > Test Server: > > RHEL VM setup with dual CPU and 4 GB RAM. > > OSSEC has been installed in "Local" mode > > OSSEC seems to be vertically scaling quite well - with an increase in load > > it is consuming more server resources. > > I am now testing with around 10,000 EPS and will publish the results. >
