On Thu, 23 Sep 2010 17:00:27 -0400, Christopher Moraes <[email protected]> wrote:
> *Observations:*
> - OSSEC scales vertically, using more CPU as the load (EPS) increases
> - At 11,000 EPS, log-collector and analysisd used a combined average of 70% of the CPU
> - Memory utilization was between 1-2% irrespective of the EPS
> - Size of the log files has no effect on the performance of OSSEC (8.5 GB log file was used during the test)

I forgot to mention that I have also tuned the I/O a bit. OSSEC is on its own partition and the fstab looks similar to this:

/dev/VolGroup00/ossec /log/ossec ext3 defaults,noatime 1 2

Notice the "noatime" option. This will make it so the atime of the files is not updated, and since files such as alerts.log are constantly changing, this can help.

--
[I] Immutable Security
Information Security, Privacy and Personal Liberty
http://www.immutablesecurity.com
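An added example, not part of the original message: a shell check that the noatime setting from the fstab line above is also present on the live mount, since an fstab edit only takes effect after a remount or reboot. The function names, the root entry and the /proc/mounts-style lines are constructed for illustration.

```shell
#!/bin/sh
# mount_has_option FILE MOUNTPOINT OPTION
# FILE is in fstab or /proc/mounts layout: device mountpoint fstype options ...
# Returns 0 if MOUNTPOINT lists OPTION, 1 if it does not, 2 if it has no entry.
mount_has_option() {
    awk -v mp="$2" -v opt="$3" '
        $1 ~ /^#/ || NF < 4 { next }          # skip comments and short lines
        $2 == mp {
            found = 1
            has = 0                           # the last matching entry wins
            n = split($4, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == opt) has = 1
        }
        END { if (!found) exit 2; exit (has ? 0 : 1) }
    ' "$1"
}

# check_noatime FSTAB MOUNTS MOUNTPOINT
# Prints: active         - noatime is in fstab and on the live mount
#         needs-remount  - noatime is in fstab but the live mount lacks it
#         not-configured - the fstab entry lacks noatime or does not exist
check_noatime() {
    if ! mount_has_option "$1" "$3" noatime; then
        echo not-configured
    elif mount_has_option "$2" "$3" noatime; then
        echo active
    else
        echo needs-remount
    fi
}

# Constructed sample data: only the /log/ossec fstab entry is from the message.
sample_dir=$(mktemp -d)
cat > "$sample_dir/fstab" <<'EOF'
# device              mountpoint  type options           dump pass
/dev/VolGroup00/root  /           ext3 defaults          1 1
/dev/VolGroup00/ossec /log/ossec  ext3 defaults,noatime  1 2
EOF
cat > "$sample_dir/mounts" <<'EOF'
/dev/mapper/VolGroup00-root / ext3 rw,relatime 0 0
/dev/mapper/VolGroup00-ossec /log/ossec ext3 rw,relatime 0 0
EOF

# fstab was edited but the partition has not been remounted yet.
check_noatime "$sample_dir/fstab" "$sample_dir/mounts" /log/ossec
```

On a real host the same check is `check_noatime /etc/fstab /proc/mounts /log/ossec`.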
