OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
I found my ossec had large numbers of "Recv-Q" on UDP port 1514.
I think it's because the ossec-analysisd process is too slow.
What can I do to improve its performance?
How about the internal_options.conf?
version: OSSEC HIDS v3.6.0
[bin]# ./ossec-control status
ossec-monitord is running...
ossec-logcollector is running...
ossec-remoted is running...
ossec-syscheckd is running...
ossec-analysisd is running...
ossec-execd not running...
ossec-csyslogd not running...
Thanks