What is your <frequncy> set to in your <syscheck> section? Do you have active-response enabled? What are your syscheck.sleep and syscheck.sleep_after set to? Do you have <scan_time>, <scan_day>, or <scan_on_start> set? Have you enabled realtime monitoring? Can you post your configuration files?
When you say that the WAN link is 100% utilized, do you mean before your agents start sending traffic? Or during? On Tuesday, January 22, 2013 6:09:41 PM UTC-5, Nadeem Khan wrote: > > I have an issue with ossec server/client ver 2.5.1 , where i have 50+ > ossec agent running on 1 location and it is trying to connect to ossec > server over 10 mb WAN connection , the WAN link is 100% utilize and network > comes to a Halt if i look at logs most of the connection is coming from > ossec agent and the only way to prevent this is to block the port udp 1514 > on the WAN Router. > > I have ossec agent running on the different location may be 4 or 5, which > are working fine. Looks like it is the issue with more agents running at a > location? > > anybody sees these kind of issue? > > thanks for the help in advance. >
