OSSEC runs into a lot of problems in batch deployment; here are two of them.
1. The key_gen.py script can generate at most 1000 keys per run. With more than 1000 agents you need to run it several times, making sure each IP corresponds to the correct key. An agent name may be at most 32 characters; a longer name causes an error.
The following script can add, remove, extract and import agents:
/root/ossec-hids-2.8.3/contrib/ossec-batch-manager.pl
Usage: /root/ossec-hids-2.8.3/contrib/ossec-batch-manager.pl [OPERATION] [OPTIONS]
  [operations]
    -a or --add                    = Add a new agent
    -r or --remove [id]            = Remove agent
    -e or --extract [id|name|ip]   = Extract key
    -m or --import [keydata]       = Import key
    -l or --list                   = List available agents
  [options]
    -k or --key [keydata]          = Key data
    -n or --name [name]            = Agent name (32 character max)
    -i or --id [id]                = Agent identification (integer)
    -p or --ip [ip]                = IP address
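A pre-flight check for the limits above, as an added example (not code from the original article or from the OSSEC project): it validates an agent inventory and splits it into runs of at most 1000 keys. The (name, ip) tuple input, the function names and the sample data are assumptions made for illustration, as is the rule of one fixed, unique IP per agent.

```python
import ipaddress

MAX_NAME_LEN = 32   # agent name limit stated in this article
BATCH_SIZE = 1000   # keys generated per key_gen.py run, per this article
MAX_AGENTS = 2048   # server ceiling after `make setmaxagents`

def plan_batches(agents):
    """agents: list of (name, ip) tuples. Returns (batches, errors)."""
    errors, valid = [], []
    seen_names, seen_ips = set(), set()
    for rowno, (name, ip) in enumerate(agents, start=1):
        problems = []
        if not 1 <= len(name) <= MAX_NAME_LEN:
            problems.append(f"name length {len(name)} not in 1..{MAX_NAME_LEN}")
        if name in seen_names:
            problems.append("duplicate name")
        try:
            ip = str(ipaddress.ip_address(ip.strip()))
        except ValueError:
            problems.append(f"invalid IP {ip!r}")
        else:
            if ip in seen_ips:
                problems.append("duplicate IP")
        if problems:
            errors.append((rowno, name, problems))
            continue
        seen_names.add(name)
        seen_ips.add(ip)
        valid.append((name, ip))
    if len(valid) > MAX_AGENTS:
        # Row 0 marks an inventory-wide error rather than a single bad row.
        errors.append((0, "*", [f"{len(valid)} agents exceed server limit {MAX_AGENTS}"]))
    batches = [valid[i:i + BATCH_SIZE] for i in range(0, len(valid), BATCH_SIZE)]
    return batches, errors

def sample_inventory():
    """Constructed data: 1500 good agents plus three bad rows."""
    rows = [(f"web-{i:04d}", f"10.0.{i // 250}.{i % 250 + 1}") for i in range(1500)]
    rows.append(("x" * 33, "10.1.0.1"))    # 33-character name
    rows.append(("web-0001", "10.1.0.2"))  # name already used
    rows.append(("db-01", "10.0.0.1"))     # IP already used by web-0000
    return rows

if __name__ == "__main__":
    batches, errors = plan_batches(sample_inventory())
    for n, batch in enumerate(batches, start=1):
        print(f"run {n}: {len(batch)} agents")
    for rowno, name, problems in errors:
        print(f"row {rowno} ({name[:12]}): {', '.join(problems)}")
```

Rejected rows are reported with their position in the inventory, so they can be fixed before any keys are generated.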
2. Each OSSEC server supports 256 agents by default and at most 2048. To support 2048 agents, you need to set the limit before installing.
# cd ossec-hids-2.8.3/src/
# make setmaxagents
Specify maximum number of agents: 2048
Maximum number of agents set to 2048.
# cd ..
# ./install.sh
...
...
The default maximum number of open files on Linux is 1024; it needs to be raised to 2048, along with the following kernel parameters:
# ulimit -n 2048
# sysctl -w kern.maxfiles=2048
# sysctl -w net.core.rmem_default=5123840
# sysctl -w net.core.rmem_max=5123840
To make the settings persist across reboots, add the following lines at the end of each file:
# vi /etc/profile
ulimit -n 2048
# vi /etc/security/limits.conf
ossec soft nofile 2048
ossec hard nofile 2048
ossecr soft nofile 2048
ossecr hard nofile 2048
After the settings are in place, run the following commands to make them take effect:
# source /etc/profile
# sysctl -p
Check whether the open files limit was successfully set to 2048:
# ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 62838
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 2048
pipe size                (bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 10240
cpu time               (seconds, -t) unlimited
max user processes              (-u) 62838
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
Start the OSSEC service; the OSSEC log shows whether the setting was applied.
# grep '2048' /var/ossec/logs/ossec.log
2016/03/29 14:11:37 ossec-remoted(4111): INFO: Maximum number of agents allowed: '2048'.
2016/03/29 14:12:09 ossec-remoted(4111): INFO: Maximum number of agents allowed: '2048'.
This article is from the "Kaka West" blog; please be sure to keep this source: http://whnba.blog.51cto.com/1215711/1760412
CentOS 6.4: pitfalls encountered when deploying more than 1000 OSSEC agents