I have some servers with a large number of files to be monitored (syscheck takes about 4 hours to run).
Currently running OSSEC 2.4.1 on RHEL 5. Upgrade to OSSEC 2.5.1 is imminent Currently I have left internal_options.conf with default values. Any recommendations on making changes to minimise the impact on the server e.g. syscheck.sleep=2 syscheck.sleep_after=15 Has anyone done any testing on the impact of changing these two variables?
