Hello Eveyone:
I have a problem with our OSEC agents right now. We use OSSEC to monitor events and send them to our SIEM AlienVault.
The problem we have is that in the last week, it has been usign too much bandwidht in our network.
Cheking the SIEM server I found too many packets beeing send by port 1514 with the same lenght, 417. ( some little cases 409)
I have never seen this behaviour before.
I have checked the audit configuration inside my WIndows workstations (where is OSSEC installed), and the the adit is enable just for security logs.
Please let me know if you have some idea of this behaviour.
Thanks!!
OSSEC usign too much bandwidth
Re: OSSEC usign too much bandwidth
I am sorry to hear that! We do have some checks you can do when there is high load issues. Please take a look here and see if any of these steps help:
https://support.atomicorp.com/hc/en-us/ ... h-CPU-load
https://support.atomicorp.com/hc/en-us/ ... h-CPU-load
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: OSSEC usign too much bandwidth
What version of OSSEC are using?
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone