OSSEC usign too much bandwidth

Support/Development for OSSEC
lelylo
New Forum User
New Forum User
Posts: 1
Joined: Wed Feb 24, 2021 11:27 am
Location: Ecuador

OSSEC usign too much bandwidth

Unread post by lelylo »

Hello Eveyone:

I have a problem with our OSEC agents right now. We use OSSEC to monitor events and send them to our SIEM AlienVault.
The problem we have is that in the last week, it has been usign too much bandwidht in our network.
Cheking the SIEM server I found too many packets beeing send by port 1514 with the same lenght, 417. ( some little cases 409)

I have never seen this behaviour before.
I have checked the audit configuration inside my WIndows workstations (where is OSSEC installed), and the the adit is enable just for security logs.
Please let me know if you have some idea of this behaviour.
Thanks!!
User avatar
cponton
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 13
Joined: Fri Oct 09, 2020 9:41 am

Re: OSSEC usign too much bandwidth

Unread post by cponton »

I am sorry to hear that! We do have some checks you can do when there is high load issues. Please take a look here and see if any of these steps help:
https://support.atomicorp.com/hc/en-us/ ... h-CPU-load
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4119
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: OSSEC usign too much bandwidth

Unread post by mikeshinn »

What version of OSSEC are using?
Post Reply