how to tuning ossec-analysisd?

Open sanpichen opened this issue 3 years ago • 1 comments

I found my ossec had large numbers of "Recv-Q" in udp port 1514, I think it's because the ossec-analysisd process too slow. what can I do to inprove it's performance? how about the internal_options.conf ?

version: OSSEC HIDS v3.6.0

[bin]# ./ossec-control status ossec-monitord is running... ossec-logcollector is running... ossec-remoted is running... ossec-syscheckd is running... ossec-analysisd is running... ossec-execd not running... ossec-csyslogd not running...

thanks

微信图片_20221012151043

Oct 12 '22 07:10 sanpichen

Hello @sanpichen check this thread if it might help you with the above: https://groups.google.com/g/ossec-list/c/ZJqksQee1-o

Jan 03 '23 21:01 libellux