Hi all, I have defined several rules to monitor firewall logs. These rules send an alert if srcip or dstip match several CDB IP blacklists (from dshield, RBN, shadowserver, etc.), but the cost is too expensive: ossec-analysisd spends a lot of CPU resources processing the firewall logs received (over 7 million every day).
Is there a better approach to accomplish this task using OSSEC?
