Is there a way to decrease the time between checks when the agent is checking log files? It's looking like the Windows agent checks the ftp logs roughly every 2 minutes possibly (?). With the ftp brute force attacks, they were coming in at about 3 attempts per second, so were sometimes getting in about 400 attempts in between OSSec checks. Just saw a brute force attempt this week trying 7 logins per second -so it seemed to be getting in about 800 attempts before OSSec would shut down that route for that IP address.
Is there a way to have the OSSec agent check once a minute, or would that start to impact the server performance too much? Greg
