Our current process is to pre-load the manager with client names to generate the client.keys file, then distribute that with the client install and have the install script search for the client by name in the client.keys file and output that line to the local client key.
Using Type piped to Findstr on Windows. If you happen to be on Linux there is a better way! http://dcid.me/2011/01/automatically-creating-and-setting-up-the-agent-keys/ Scott Klauminzer Director of Information Technology & Security Sent from my iPad On Sep 26, 2012, at 4:28 PM, Mobile Testing <[email protected]> wrote: > Thank you for feedback,I want to deploy 10000 sets to several ossec servers. > Not is a single server. I need to > know specification and sizing. > > I am suffering from client's key distribution. Somebody help me,thank you. > > 從我的 iPhone 傳送 > > Kat <[email protected]> 於 2012/9/26 上午4:56 寫道: > >> with the new "Hybrid" feature, why would you want to deploy 10000 to a >> single manager? As someone who has had 3000-4000 dedicated to single >> managers, I would strongly suggest a tiered approach. It just makes more >> sense. Yes, you would have to wait for 2.7 to finish the beta cycle, but to >> me, I would think this is the way to go. >> >> 10000 on a manager trying to maintain all the connections - just think of >> the load on the NIC(s) and the biggest problem being that the analysisd >> process is single threaded, so you are pumping all that data through one >> engine. >> >> I will say that yes, others are correct - management through a configuration >> system such as puppet or cfengine is the only way to go, and not trying to >> use the agent management directly within OSSEC. >> >> Just my 2 cents >> Kat >> >> On Tuesday, September 25, 2012 11:57:01 AM UTC-7, JB wrote: >>> >>> I know there are deployments of more than 3000 agents on one OSSEC server. >>> You need to keep an eye on the amount of network traffic though. >>> Overloading can result in lost events. >>> Refer to http://www.ossec.net/?p=449 under the heading OSSEC Symposium Day >>> 2.. >>> >>> On Sunday, September 23, 2012 5:24:17 PM UTC-7, JJ Yu wrote: >>>> >>>> Dears, >>>> Is there any one knows large scale development ? I want to >>>> implement over 10000 set. There is an issue on how to deployment client >>>> key and management. >>>> Could you share any experience? >>>> Many thanks. >>>> Br. JJ
