Centos 6.4 Ossec deploys more than 1000 agents to encounter pits

Ossec has encountered a lot of problems in batch deployment, say two of them.

1, key_gen.py the script can generate up to 1000 keys at a time, more than 1000 agents, need to generate more than a few times, as long as the IP corresponding to the correct key. The agent's name supports up to 32 characters, and more than 32 characters will cause an error.

The script can add, remove, extract, import agents

/root/ossec-hids-2.8.3/contrib/ossec-batch-manager.pl

Usage:/root/ossec-hids-2.8.3/contrib/ossec-batch-manager.pl [Operation] [OPTIONS]

[Operations]

-A or--add = Add a new agent

-R or--remove [id] = Remove agent

-E or--extract [id|name|ip] = Extract key

-M or--import [keydata] = Import Key

-L or--list = list available agents

[Options]

-K or--key [keydata] = key data

-N or--name [name] = Agent name (character Max)

-I or--id [id] = Agent identification (integer)

-P or--ip [IP] = IP address

2, each Ossec-server default support 256 agents, the maximum support of 2048 agents. To support 2048 agents, you need to set them up before installing.

[Email protected] ~]# CD ossec-hids-2.8.3/src/

[email protected] src]# make setmaxagents

Specify maximum number of agents:2048

Maximum number of agents set to 2048.

[Email protected] src]# CD.

[Email protected] ossec-hids-2.8.3]#./install.sh

...

...

Linux system default maximum open file number is 1024, need to modify kernel parameter is 2048

[Email protected] ossec-hids-2.8.3]# ulimit-n 2048

[Email protected] ossec-hids-2.8.3]# sysctl-w kern.maxfiles=2048

[Email protected] ossec-hids-2.8.3]# sysctl-w net.core.rmem_default=5123840

[Email protected] ossec-hids-2.8.3]# sysctl-w Net.core.rmem_max = 5123840

Set the boot from boot, add the file at the end of the

[Email protected] ossec-hids-2.8.3]# Vi/etc/profile

Ulimit-n 2048

[Email protected] ossec-hids-2.8.3]# vi/etc/security/limits.conf

Ossec Soft Nofile 2048

Ossec Hard Nofile 2048

OSSECR Soft Nofile 2048

OSSECR Hard Nofile 2048

After the setting is complete, the execution command takes effect

[Email protected] ossec-hids-2.8.3]# Source/etc/profile

[Email protected] ossec-hids-2.8.3]# sysctl-p

To see if the open files were successfully set to 2048

[Email protected] ossec-hids-2.8.3]# ulimit-a

Core file size (blocks,-c) 0

Data seg Size (Kbytes,-D) Unlimited

Scheduling Priority (-e) 0

File size (blocks,-f) Unlimited

Pending signals (-i) 62838

Max locked Memory (Kbytes, L) 64

Max memory Size (Kbytes,-m) unlimited

Open files (-N) 2048

Pipe Size (bytes,-p) 8

POSIX message queues (bytes,-Q) 819200

Real-time priority (-R) 0

Stack size (Kbytes,-s) 10240

CPU time (seconds,-t) unlimited

MAX User Processes (-u) 62838

Virtual Memory (Kbytes,-V) Unlimited

File locks (-X) Unlimited

Start the Ossec service, and in the Ossec log you can see if the settings are successful.

[[email protected] ossec-hids-2.8.3]# grep ' 2048 '/var/ossec/logs/ossec.log

2016/03/29 14:11:37 ossec-remoted (4111): info:maximum number of agents allowed: ' 2048 '.

2016/03/29 14:12:09 ossec-remoted (4111): info:maximum number of agents allowed: ' 2048 '.

This article is from "Kaka West" blog, please be sure to keep this source http://whnba.blog.51cto.com/1215711/1760412

Centos 6.4 Ossec deploys more than 1000 agents to encounter pits