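I ran into many problems while bulk-deploying ossec; here are two of them.
1. The key_gen.py script generates at most 1000 keys per run. With more than 1000 agents, run it several times; all that matters is that each IP maps to the correct key. An agent name supports at most 32 characters; anything longer raises an error.
The following script can add, remove, extract and import agents: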
/root/ossec-hids-2.8.3/contrib/ossec-batch-manager.pl
Usage: /root/ossec-hids-2.8.3/contrib/ossec-batch-manager.pl [OPERATION] [OPTIONS]
[operations]
-a or --add = Add a new agent
-r or --remove [id] = Remove agent
-e or --extract [id|name|ip] = Extract key
-m or --import [keydata] = Import key
-l or --list = List available agents
[options]
-k or --key [keydata] = Key data
-n or --name [name] = Agent name (32 character max)
-i or --id [id] = Agent identification (integer)
-p or --ip [ip] = IP address
2. Each ossec-server supports 256 agents by default and at most 2048. To support 2048 agents, this has to be set before installation.
[[email protected] ~]# cd ossec-hids-2.8.3/src/
[[email protected] src]# make setmaxagents
Specify maximum number of agents: 2048
Maximum number of agents set to 2048.
[[email protected] src]# cd ..
[[email protected] ossec-hids-2.8.3]# ./install.sh
...
...
The default maximum number of open files on Linux is 1024, so the kernel parameters need to be raised to 2048:
[[email protected] ossec-hids-2.8.3]# ulimit -n 2048
[[email protected] ossec-hids-2.8.3]# sysctl -w kern.maxfiles=2048   # kern.maxfiles is the BSD key; Linux has no such key (its system-wide file limit is fs.file-max)
[[email protected] ossec-hids-2.8.3]# sysctl -w net.core.rmem_default=5123840
[[email protected] ossec-hids-2.8.3]# sysctl -w net.core.rmem_max=5123840
To make the settings persist across reboots, append the following to the end of each file:
[[email protected] ossec-hids-2.8.3]# vi /etc/profile
ulimit -n 2048
[[email protected] ossec-hids-2.8.3]# vi /etc/security/limits.conf
ossec soft nofile 2048
ossec hard nofile 2048
ossecr soft nofile 2048
ossecr hard nofile 2048
Once the configuration is done, run these commands to apply it:
[[email protected] ossec-hids-2.8.3]# source /etc/profile
[[email protected] ossec-hids-2.8.3]# sysctl -p
Check that open files has been set to 2048:
[[email protected] ossec-hids-2.8.3]# ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 62838
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 2048
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 10240
cpu time (seconds, -t) unlimited
max user processes (-u) 62838
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
Start the ossec service; the ossec log also shows whether the setting took effect:
[[email protected] ossec-hids-2.8.3]# grep '2048' /var/ossec/logs/ossec.log
2016/03/29 14:11:37 ossec-remoted(4111): INFO: Maximum number of agents allowed: '2048'.
2016/03/29 14:12:09 ossec-remoted(4111): INFO: Maximum number of agents allowed: '2048'.
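The two checks above combined, as an added example that is not part of the original post: a bash script that reads the agent ceiling logged by ossec-remoted and confirms that the soft and hard nofile limits for ossec and ossecr in a limits.conf file cover it. The function names and the sample files are assumptions made for this example; on a real server pass /var/ossec/logs/ossec.log and /etc/security/limits.conf.

```shell
#!/bin/bash
# Last "Maximum number of agents allowed" value logged by ossec-remoted in file $1.
max_agents_from_log() {
    sed -n 's/.*Maximum number of agents allowed: [^0-9]*\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1
}

# Smallest nofile value for user $2 in limits file $1; empty unless soft AND hard are set.
# A "-" type sets both limits at once.
min_nofile_for_user() {
    awk -v u="$2" '
        /^[ \t]*#/ { next }
        $1 == u && $3 == "nofile" && $2 ~ /^(soft|hard|-)$/ {
            if ($2 != "hard") soft = 1
            if ($2 != "soft") hard = 1
            if (min == "" || $4 + 0 < min) min = $4 + 0
        }
        END { if (soft && hard) print min }' "$1"
}

# check_limits LOG LIMITS_CONF -> 0 if ossec and ossecr both cover the ceiling,
# 1 if a limit is missing or too low, 2 if the log has no ceiling line.
check_limits() {
    local max user n rc=0
    max=$(max_agents_from_log "$1")
    [ -n "$max" ] || { echo "no agent ceiling found in $1"; return 2; }
    for user in ossec ossecr; do
        n=$(min_nofile_for_user "$2" "$user")
        if [ -z "$n" ]; then
            echo "FAIL $user: soft and hard nofile are not both set"; rc=1
        elif [ "$n" -lt "$max" ]; then
            echo "FAIL $user: nofile $n is below the ${max}-agent ceiling"; rc=1
        else
            echo "OK   $user: nofile $n covers $max agents"
        fi
    done
    return "$rc"
}

# Constructed sample input: ossecr's soft limit is left at 1024 so the check has something to catch.
write_samples() {
    printf '%s\n' "2016/03/29 14:11:37 ossec-remoted(4111): INFO: Maximum number of agents allowed: '2048'." > "$1/ossec.log"
    printf '%s\n' 'ossec soft nofile 2048' 'ossec hard nofile 2048' \
                  'ossecr soft nofile 1024' 'ossecr hard nofile 2048' > "$1/limits.conf"
}

demo=$(mktemp -d)
write_samples "$demo"
check_limits "$demo/ossec.log" "$demo/limits.conf" || echo "exit status: $?"
rm -rf "$demo"
```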
This article is from the “卡卡西” blog; please be sure to keep this source: http://whnba.blog.51cto.com/1215711/1760412
CentOS 6.4: pitfalls when deploying more than 1000 ossec agents