OSSEC using too much bandwidth
Posted: Wed Feb 24, 2021 1:33 pm
Hello Everyone:
I have a problem with our OSSEC agents right now. We use OSSEC to monitor events and send them to our SIEM AlienVault.
The problem we have is that in the last week, it has been using too much bandwidth in our network.
Checking the SIEM server I found too many packets being sent by port 1514 with the same length, 417 (in a few cases, 409).
I have never seen this behaviour before.
I have checked the audit configuration inside my Windows workstations (where OSSEC is installed), and the audit is enabled just for security logs.
Please let me know if you have some idea of this behaviour.
Thanks!!