1. You can configure syscheck to either run slowly over a longer period of time with less CPU usage (default) or quickly over a shorter period of time with higher CPU usage.
To change syscheck to scan quickly, change the following parameters in /var/ossec/etc/internal_options.conf syscheck.sleep=0 syscheck.sleep_after=0 2. For Windows, ensure you exclude directories that have temp files On Wed, Apr 18, 2012 at 8:44 AM, dan (ddp) <[email protected]> wrote: > Install in /var/ossec > Use /var/ossec/rules/local_rules.xml > Use /var/ossec/etc/local_decoder.xml > > > On Wed, Apr 18, 2012 at 8:42 AM, Christian Niedermayer > <[email protected]> wrote: > > Hello, > > > > > > > > did somebody have any tuning tips or options in OSSEC (Server and Agent)? > > > > > > > > Regards > > > > > > > > Christian >
