ossec / ossec-hids

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
http://www.ossec.net

How to tune ossec-analysisd? #2066

Open sanpichen opened 1 year ago

sanpichen commented 1 year ago

I found my OSSEC had a large "Recv-Q" on UDP port 1514. I think it's because the ossec-analysisd process is too slow. What can I do to improve its performance? How about the internal_options.conf?

version: OSSEC HIDS v3.6.0

[bin]# ./ossec-control status
ossec-monitord is running...
ossec-logcollector is running...
ossec-remoted is running...
ossec-syscheckd is running...
ossec-analysisd is running...
ossec-execd not running...
ossec-csyslogd not running...

thanks


libellux commented 1 year ago

Hello @sanpichen, check this thread if it might help you with the above: https://groups.google.com/g/ossec-list/c/ZJqksQee1-o