At this time (sending each event immediately), *lots of* 5156 Windows Firewall events are being produced:

The Windows Filtering Platform has permitted a connection. Application Information: Process ID:0 Application Name:\program files (x86)\ossec-agent\ossec-agent.exe Network Information: Direction:Outbound Source Address:192.10.10.5 Source Port:233 Destination Address:192.10.10.10 Destination Port:1514 Protocol:17 Filter Information: Filter Run-Time ID:0x10baa Layer Name:Connect Layer Run-Time ID:0x30

The OSSEC agent handles this event and tries to send it to the OSSEC server, and this sending also produces a 5156 Windows log entry, which *causes an infinite loop in the OSSEC agent.* So the computer's memory (15 GB) is not sufficient to handle these operations. Is there any plan or suggestion for batch sending, or any other idea?

On Wednesday, June 8, 2016 at 19:57:00 UTC+3, dan (ddpbsd) wrote:
>
> On Wed, Jun 8, 2016 at 12:48 PM, Abdulvehhab Agin <[email protected]> wrote:
> > Hi,
> >
> > I am looking for a way to optimize the sending of Windows event logs. My systems
> > generate too many Windows events.
> >
> > I analysed the network traffic with Wireshark; OSSEC generates too many open
> > connections and sends logs (about 40 per second).
> >
> > Thus,
> >
> > I don't want to connect to the OSSEC server for every event. Is there any
> > configuration to send logs together (for example: per 5 MB or per 100 events
> > -> send logs)?
> >
>
> There aren't any configurations to batch send logs or anything.
>
> > I found in internal_options.conf
> > monitord.day_wait=10 but it does not affect my OSSEC agent?
> >
>
> monitord does not run on agents.
>
> >
> > Best Regards
> >
> > --
> >
> > ---
> > You received this message because you are subscribed to the Google Groups
> > "ossec-list" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to [email protected].
> > For more options, visit https://groups.google.com/d/optout.
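
The feedback loop described in the message above can be measured by recognising the 5156 events that the agent's own traffic produces. The following is an added example, not part of the thread and not OSSEC code: it parses the 5156 text quoted in the post and separates events recording the agent's outbound UDP sends to port 1514 from everything else. The function names and the second sample event are constructed for illustration, and where such a filter would run is left as an assumption.

```python
import re

# Labels of the 5156 fields used here, as they appear in the event text in the post.
LABELS = ("Process ID", "Application Name", "Direction", "Source Address",
          "Source Port", "Destination Address", "Destination Port", "Protocol")
LABEL_RE = re.compile(r"(%s):" % "|".join(map(re.escape, LABELS)))
# Section headings ("Network Information:" ...) that trail a value in flattened text.
SECTION_RE = re.compile(r"\s*(?:Application|Network|Filter) Information:.*$", re.S)


def parse_5156(message):
    """Return {label: value} for the fields of one 5156 message."""
    parts = LABEL_RE.split(message)  # [preamble, label, value, label, value, ...]
    return {label: SECTION_RE.sub("", value).strip()
            for label, value in zip(parts[1::2], parts[2::2])}


def is_agent_feedback(fields, agent_image="ossec-agent.exe", server_port="1514"):
    """True when the event records the agent's own outbound UDP send to the server."""
    return (fields.get("Application Name", "").lower().endswith(agent_image)
            and fields.get("Direction") == "Outbound"
            and fields.get("Destination Port") == server_port
            and fields.get("Protocol") == "17")  # IP protocol 17 = UDP


def split_feedback(messages):
    """Partition messages into (feedback, other) so feedback can be counted or dropped."""
    feedback, other = [], []
    for msg in messages:
        (feedback if is_agent_feedback(parse_5156(msg)) else other).append(msg)
    return feedback, other


# First entry is the event quoted in the post; the second is constructed for contrast.
SAMPLES = [
    "The Windows Filtering Platform has permitted a connection. Application Information: "
    "Process ID:0 Application Name:\\program files (x86)\\ossec-agent\\ossec-agent.exe "
    "Network Information: Direction:Outbound Source Address:192.10.10.5 Source Port:233 "
    "Destination Address:192.10.10.10 Destination Port:1514 Protocol:17 "
    "Filter Information: Filter Run-Time ID:0x10baa Layer Name:Connect Layer Run-Time ID:0x30",
    "The Windows Filtering Platform has permitted a connection. Application Information: "
    "Process ID:4312 Application Name:\\windows\\system32\\svchost.exe "
    "Network Information: Direction:Outbound Source Address:192.10.10.5 Source Port:50122 "
    "Destination Address:192.10.10.20 Destination Port:443 Protocol:6 "
    "Filter Information: Filter Run-Time ID:0x10baa Layer Name:Connect Layer Run-Time ID:0x30",
]

if __name__ == "__main__":
    fb, rest = split_feedback(SAMPLES)
    print("agent feedback events: %d, other events: %d" % (len(fb), len(rest)))
```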
