I have about 700 000 000/per day that is amazing Thanks Santiago
11 Mayıs 2016 Çarşamba 23:49:55 UTC+3 tarihinde Abdulvehhab Agin yazdı: > > I will try to mesause by using ossec-eps.sh; but i see it is not for > spesific agent; it is global average for all agents. am i right? > > > I think "logall option" must be configurable in server; it storage events > in server, i think server will be down :( It has 100 agent. > > > When we start ossec service (windows) after 7-10 days; ossec use %7 CPU > (i5 machine); and we see 6gb ram usage for svchost.exe. Is it normal? > When we stop ossec server, after 7-10 days; there is no ram issues > > > > > 2016-05-11 23:25 GMT+03:00 Santiago Bassett <[email protected]>: > >> Try using this script: >> >> https://github.com/ossec/ossec-hids/blob/master/contrib/ossec-eps.sh >> >> Another option is to enable logall option and count events in archive.log >> (you can count all events in a day and then do the math). >> >> Regarding resources it depends on how much data OSSEC manager/agents will >> be processing. There is no official benchmarks so I would recommend to run >> it in a pre-production environment first. >> >> I hope it helps >> >> On Wed, May 11, 2016 at 12:57 PM, Abdulvehhab Agin <> wrote: >> >>> Hello, >>> >>> >>> Is there a way to measure OSSEC agent EPS count; not alarm? >>> >>> And Please let me know us of system resources. >>> >>> >>> Thanks >>> >>> -- >>> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "ossec-list" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- >> >> --- >> You received this message because you are subscribed to a topic in the >> Google Groups "ossec-list" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/ossec-list/E4gFpT2YF1A/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to >> [email protected]. >> For more options, visit https://groups.google.com/d/optout. >> > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
