buildstack / securestack


Error in ossec log about too many events #3

Open 6mile opened 6 years ago

6mile commented 6 years ago

I just connected a new agent to my SIPServer and I'm seeing this error in the SIPServer ossec log at /var/ossec/logs/ossec.log:

2018/04/10 16:20:04 ossec-agent: WARNING: Agent buffer at 90 %.
2018/04/10 16:20:07 ossec-agent: WARNING: Agent buffer is full: Events may be lost.
2018/04/10 16:20:22 ossec-agent: WARNING: Agent buffer is flooded: Producing too many events.

What does this mean?

6mile commented 6 years ago

You will have to increase your ulimit by running at the command line: ulimit -n 10000

Additionally, you should tell the SIPServer to increase its events per second value in /var/ossec/etc/shared/agent.conf on the SIPServer. Change this line:

1000

to this:

1000

...and then restart the agent on the server AND the client: /var/ossec/bin/ossec-control restart
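To check whether the change took effect, the three buffer warnings quoted in the question can be tracked in /var/ossec/logs/ossec.log. The following is an added example, not part of the original issue or the project's code: it summarizes how far the buffer escalated and how quickly. The function name, the state labels and the non-warning sample line are assumptions made for illustration.

```python
import re
from datetime import datetime

# Message prefixes taken from the three warnings quoted in the issue,
# ordered from least to most severe. The state labels are this example's own.
LEVELS = [
    ("Agent buffer at 90 %", "warning"),
    ("Agent buffer is full", "full"),
    ("Agent buffer is flooded", "flooded"),
]
LINE_RE = re.compile(
    r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) ossec-agent: WARNING: (.*)$")

def summarize_buffer_warnings(lines):
    """Return the worst buffer state, per-state counts and escalation times."""
    first_seen, counts = {}, {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrelated or malformed line
        ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
        for prefix, state in LEVELS:
            if m.group(2).startswith(prefix):
                first_seen.setdefault(state, ts)  # log is chronological
                counts[state] = counts.get(state, 0) + 1
                break
    order = [state for _, state in LEVELS]
    worst = max(first_seen, key=order.index, default=None)

    def gap(a, b):
        if a in first_seen and b in first_seen:
            return (first_seen[b] - first_seen[a]).total_seconds()
        return None

    return {
        "worst": worst,
        "counts": counts,
        # The "full" message itself says events may be lost; "flooded"
        # is treated here as at least as severe (assumption).
        "events_may_be_lost": worst in ("full", "flooded"),
        "secs_warning_to_full": gap("warning", "full"),
        "secs_full_to_flooded": gap("full", "flooded"),
    }

SAMPLE = [
    "2018/04/10 16:19:58 ossec-agent: INFO: constructed unrelated line",
    "2018/04/10 16:20:04 ossec-agent: WARNING: Agent buffer at 90 %.",
    "2018/04/10 16:20:07 ossec-agent: WARNING: Agent buffer is full: Events may be lost.",
    "2018/04/10 16:20:22 ossec-agent: WARNING: Agent buffer is flooded: Producing too many events.",
]

if __name__ == "__main__":
    print(summarize_buffer_warnings(SAMPLE))
```

Running it again over the log entries written after the restart shows whether the agent still reaches the full or flooded state.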