41 agents total. Here are the stats from /var/ossec/stats/hourly-average:

for i in *; do echo -n "$i "; cat $i; echo ""; done |sort -n
0 144467
1 135681
2 143439
3 139292
4 143869
5 139974
6 143945
7 156203
8 179020
9 199613
10 220229
11 199679
12 235240
13 200294
14 171326
15 173679
16 165433
17 116530
18 94434
19 88046
20 105235
21 98339
22 93802
23 104293
24 1124

Most of the alerts are Windows events coming from domain controllers.

Thanks,
--
Doug Burks, GSE, CISSP
President, Greater Augusta ISSA
http://augusta.issa.org
http://securityonion.blogspot.com

On Mon, Mar 28, 2011 at 3:25 PM, dan (ddp) <[email protected]> wrote:
> How many agents? How many events per second? What kind of alerts are
> you seeing most of?
>
> On Mon, Mar 14, 2011 at 5:17 PM, Doug Burks <[email protected]> wrote:
>> Agreed. Any ideas on how to find out why analysisd is at 99% cpu? :)
>>
>> Thanks,
>> Doug Burks
>>
>> On Mon, Mar 14, 2011 at 3:04 PM, dan (ddp) <[email protected]> wrote:
>>> I'd start by trying to find out why analysisd is at 99% cpu.
>>>
>>> On Fri, Mar 11, 2011 at 2:08 PM, Doug Burks <[email protected]> wrote:
>>>> Was there ever any conclusion on this problem? I have an OSSEC 2.5.1
>>>> server with 43 agents. ossec-analysisd is using 99% CPU! Unix agents
>>>> periodically disconnect and will eventually reconnect. What can I do
>>>> to troubleshoot this further?
>>>> Thanks,
>>>> Doug Burks
