On Thu, 23 Sep 2010 17:00:27 -0400, Christopher Moraes <[email protected]> wrote:
> Hi everyone,
>
> Here are the detailed results of the performance tests that I ran.
>
> *Summary:*
> - The tests covered only the log-analysis functionality of OSSEC
> - A total of 4 test runs were done. Each with a different rate of EPS
>   generated in the log files.
> - Each test was run for 2-3 hours and the results were averaged out.
> - The test machine is a 2 Core, 4 GB RAM, RHEL Virtual Machine.
> - OSSEC is installed in local mode and is monitoring 4 log files - syslog,
>   maillog, 2 apache logs.

Thanks again for your efforts. This is really impressive, but people shouldn't necessarily extrapolate this to agent->manager performance.

I have these two lines in /etc/sysctl.conf, which should help with UDP buffers and increase the potential eps for agent->manager communication. You can play with the values to see what happens.

net.core.rmem_default = 5123840
net.core.rmem_max = 5123840

Would you like to do another test? :) I would be really interested to see how many eps you can achieve with an agent installed on a laptop and plugged into the server with a crossover cable. "netstat -su" could be helpful to see if the buffers get maxed. This could give us a theoretical maximum on a set platform for a distributed environment. Of course, network congestion and other factors would cause logs to be dropped.

-- 
[I] Immutable Security
Information Security, Privacy and Personal Liberty
http://www.immutablesecurity.com
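One way to turn the "netstat -su" check suggested above into a number for a test run, as an added example that is not part of the original message or of OSSEC: snapshot /proc/net/snmp (the Linux counters netstat -su reads) before and after the run and diff the UDP receive-buffer drops. The function names and both snapshots are constructed for illustration.

```shell
#!/bin/sh
# udp_counter NAME: read /proc/net/snmp-format text on stdin and print the
# named Udp counter. The first "Udp:" row is the header and the second holds
# the values, so the column is found by name (column sets vary by kernel).
udp_counter() {
    awk -v want="$1" '
        $1 == "Udp:" && !hdr { for (i = 2; i <= NF; i++) col[$i] = i; hdr = 1; next }
        $1 == "Udp:" {
            if (want in col) { print $(col[want]); ok = 1 }
            exit
        }
        END { if (!ok) exit 1 }
    '
}

# udp_drop_report BEFORE AFTER: compare two snapshot strings taken around a
# test run. InDatagrams counts datagrams delivered to sockets; RcvbufErrors
# counts datagrams discarded because a socket receive buffer was full.
# Exit status: 0 = no drops, 1 = drops seen, 2 = counters missing.
udp_drop_report() {
    in0=$(printf '%s\n' "$1" | udp_counter InDatagrams) || return 2
    in1=$(printf '%s\n' "$2" | udp_counter InDatagrams) || return 2
    rb0=$(printf '%s\n' "$1" | udp_counter RcvbufErrors) || return 2
    rb1=$(printf '%s\n' "$2" | udp_counter RcvbufErrors) || return 2
    recv=$((in1 - in0))
    drop=$((rb1 - rb0))
    total=$((recv + drop))
    pct=0
    if [ "$total" -gt 0 ]; then pct=$((drop * 100 / total)); fi
    echo "received=$recv dropped=$drop drop_pct=$pct"
    [ "$drop" -eq 0 ]
}

# Constructed snapshots (not measurements). On a live manager, capture real
# ones with: BEFORE=$(cat /proc/net/snmp) ... run the test ... AFTER=$(cat /proc/net/snmp)
BEFORE='Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors
Udp: 120000 14 250 3100 250 0'
AFTER='Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors
Udp: 1020000 14 100250 3200 100250 0'

udp_drop_report "$BEFORE" "$AFTER" ||
    echo "receive buffer overflowed during the run: compare with the rmem settings"
```

A non-zero "dropped" figure means the manager lost datagrams at the socket buffer during the run, which is the condition the rmem_default and rmem_max settings are meant to reduce.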
