Centos 6.4 Ossec deploys more than 1000 agents to encounter pits

Source: Internet
Author: User
Tags ossec

Ossec has encountered a lot of problems in batch deployment, say two of them.


1, key_gen.py the script can generate up to 1000 keys at a time, more than 1000 agents, need to generate more than a few times, as long as the IP corresponding to the correct key. The agent's name supports up to 32 characters, and more than 32 characters will cause an error.


The script can add, remove, extract, import agents

/root/ossec-hids-2.8.3/contrib/ossec-batch-manager.pl


Usage:/root/ossec-hids-2.8.3/contrib/ossec-batch-manager.pl [Operation] [OPTIONS]

[Operations]

-A or--add = Add a new agent

-R or--remove [id] = Remove agent

-E or--extract [id|name|ip] = Extract key

-M or--import [keydata] = Import Key

-L or--list = list available agents

[Options]

-K or--key [keydata] = key data

-N or--name [name] = Agent name (character Max)

-I or--id [id] = Agent identification (integer)

-P or--ip [IP] = IP address



2, each Ossec-server default support 256 agents, the maximum support of 2048 agents. To support 2048 agents, you need to set them up before installing.


[Email protected] ~]# CD ossec-hids-2.8.3/src/


[email protected] src]# make setmaxagents

Specify maximum number of agents:2048

Maximum number of agents set to 2048.


[Email protected] src]# CD.

[Email protected] ossec-hids-2.8.3]#./install.sh

...

...



Linux system default maximum open file number is 1024, need to modify kernel parameter is 2048

[Email protected] ossec-hids-2.8.3]# ulimit-n 2048

[Email protected] ossec-hids-2.8.3]# sysctl-w kern.maxfiles=2048

[Email protected] ossec-hids-2.8.3]# sysctl-w net.core.rmem_default=5123840

[Email protected] ossec-hids-2.8.3]# sysctl-w Net.core.rmem_max = 5123840


Set the boot from boot, add the file at the end of the

[Email protected] ossec-hids-2.8.3]# Vi/etc/profile

Ulimit-n 2048


[Email protected] ossec-hids-2.8.3]# vi/etc/security/limits.conf

Ossec Soft Nofile 2048

Ossec Hard Nofile 2048

OSSECR Soft Nofile 2048

OSSECR Hard Nofile 2048


After the setting is complete, the execution command takes effect

[Email protected] ossec-hids-2.8.3]# Source/etc/profile

[Email protected] ossec-hids-2.8.3]# sysctl-p



To see if the open files were successfully set to 2048

[Email protected] ossec-hids-2.8.3]# ulimit-a


Core file size (blocks,-c) 0

Data seg Size (Kbytes,-D) Unlimited

Scheduling Priority (-e) 0

File size (blocks,-f) Unlimited

Pending signals (-i) 62838

Max locked Memory (Kbytes, L) 64

Max memory Size (Kbytes,-m) unlimited

Open files (-N) 2048

Pipe Size (bytes,-p) 8

POSIX message queues (bytes,-Q) 819200

Real-time priority (-R) 0

Stack size (Kbytes,-s) 10240

CPU time (seconds,-t) unlimited

MAX User Processes (-u) 62838

Virtual Memory (Kbytes,-V) Unlimited

File locks (-X) Unlimited



Start the Ossec service, and in the Ossec log you can see if the settings are successful.

[[email protected] ossec-hids-2.8.3]# grep ' 2048 '/var/ossec/logs/ossec.log

2016/03/29 14:11:37 ossec-remoted (4111): info:maximum number of agents allowed: ' 2048 '.

2016/03/29 14:12:09 ossec-remoted (4111): info:maximum number of agents allowed: ' 2048 '.


This article is from "Kaka West" blog, please be sure to keep this source http://whnba.blog.51cto.com/1215711/1760412

Centos 6.4 Ossec deploys more than 1000 agents to encounter pits

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.