Our server runs out of memory when we run the reports, so we have to untar them one by one to a directory and then run the reports. I'd like to see better memory management of the reporting scripts. We have over 600 ossec agents logging to one server. -rich
On Wed, Oct 20, 2010 at 6:01 PM, Shane Warner <[email protected]> wrote: > Not sure what platform you're on, but we build an RPM package and set any > important configuration files up with the config(noreplace) directive to > prevent them from being overwritten on updates. > > On Wed, Oct 20, 2010 at 1:49 PM, McClinton, Rick > <[email protected]> wrote: >> >> From: [email protected] [mailto:[email protected]] On >> Behalf Of Derek Morris >> Sent: Wednesday, October 20, 2010 2:11 PM >> To: [email protected] >> Subject: Re: [ossec-list] Day 4: What bugs you: problems, challenges and >> room for improvement. >> >> I would have to say the Upgrade process. I have to do a diff on numerous >> rules files that i have edited and takes quite a bit of pain staking work to >> complete. >> === >> >> Maybe I'm not as extensive in my modifications, for example, I have never >> written a decoder, but I feel this is a process issue for you. I keep my >> rules in local_rules.xml. If I want to modify a 'stock' rule I copy it to >> local_rules.xml and use the 'overwrite=yes' option. I've never had anything >> but the most smoothness during upgrades. >> Don't modify the default OSSEC files; they don't belong to you, they >> belong to dcid :) >> >> >> >> >> >> >> This message contains TMA Resources confidential information and is >> intended only for the individual named. If you are not the named addressee >> you should not disseminate, distribute or copy this e-mail. Please notify >> the sender immediately by e-mail if you have received this e-mail by mistake >> and delete this e-mail from your system. E-mail transmission cannot be >> guaranteed to be secure or error-free as information could be intercepted, >> corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. >> The sender therefore does not accept liability for any errors or omissions >> in the contents of this message which arise as a result of e-mail >> transmission. If verification is required please request a hard-copy >> version. > >
