From OSSEC Wiki

Jump to: navigation, search
[edit]

Errors when dealing with multiple agents

When you have hundreds (or even thousands) of agents, OSSEC may not work properly by default. There are a few changes that you will need to do:


[edit]

Increase maximum number of allowed agents

To increase the number of agents, before you install (or update OSSEC), just do:


#cd src; make setmaxagents (it will ask how many do you want.. )

Specify maximum number of agents: 2048 (to increase to 2048)
Maximum number of agents set to 20.

#cd ..; ./install.sh


[edit]

Increase your system's limits

Most systems have limits regarding the maximum number of files you can have. A few commands you should try are (to increase to 2048):

# ulimit -n 2048
# sysctl -w kern.maxfiles=2048

Retrieved from "http://ossec.net/wiki/index.php/Errors:LargeNumberAgents"
Views
Personal tools