Re: [ossec-list] how do you know certainly server get the logs from agent. because it uses UDP port 1514

I adjusted my rmem default and max and I still get send/receive errors. My values are 16777216 and 26214400 (respectively). I think remoted isnt reading the buffer fast enough to process. -- --- You received this message because you are subscribed to the Google Groups ossec-list group. To

Re: [ossec-list] how do you know certainly server get the logs from agent. because it uses UDP port 1514

On 2014-05-13 9:18, BP9906 wrote: I adjusted my rmem default and max and I still get send/receive errors. My values are 16777216 and 26214400 (respectively). I think remoted isnt reading the buffer fast enough to process. This is what I have for an environment that bursts to maybe 1,000 EPS. I

Re: [ossec-list] how do you know certainly server get the logs from agent. because it uses UDP port 1514

On 2014-05-13 9:44, Darin Perusich wrote: If you want reliable syslog retrieval I recommend you abandon using OSSEC and use rsyslog with the RELP module enabled. Then if you want to do post processing your logs looking for events use a tool 'sec', simple event correlator, or splunk, or

Re: [ossec-list] how do you know certainly server get the logs from agent. because it uses UDP port 1514

On Tue, May 13, 2014 at 10:51 AM, Michael Starks ossec-l...@michaelstarks.com wrote: On 2014-05-13 9:44, Darin Perusich wrote: If you want reliable syslog retrieval I recommend you abandon using OSSEC and use rsyslog with the RELP module enabled. Then if you want to do post processing your

[ossec-list] how do you know certainly server get the logs from agent. because it uses UDP port 1514

https://lh4.googleusercontent.com/-pfoF5hylM_Y/U3CPVfQWEAI/AUE/rwFhp-o5Ve0/s1600/Untitled.png hi everybody. when i see the picture.I wonder how do you know certainly server get the logs from agent. because it uses UDP port 1514 udp protocal never check destination have recived packet

Re: [ossec-list] how do you know certainly server get the logs from agent. because it uses UDP port 1514

On Mon, May 12, 2014 at 5:10 AM, Nguyễn Văn Hớn honi...@gmail.com wrote: hi everybody. when i see the picture.I wonder how do you know certainly server get the logs from agent. because it uses UDP port 1514 udp protocal never check destination have recived packet when it send on network

Re: [ossec-list] how do you know certainly server get the logs from agent. because it uses UDP port 1514

I'm pretty sure OSSEC agent/servers send ACK messages when they receive a message and also have a counter associated with what messages they've sent/received. I've had network issues between my agent and servers and once the connection is restored I see a large spike of messages as the server

Re: [ossec-list] how do you know certainly server get the logs from agent. because it uses UDP port 1514

On 2014-05-12 8:39, Joshua Garnett wrote: I'm pretty sure OSSEC agent/servers send ACK messages when they receive a message and also have a counter associated with what messages they've sent/received.  I've had network issues between my agent and servers and once the connection is restored I see

Re: [ossec-list] how do you know certainly server get the logs from agent. because it uses UDP port 1514

On 2014-05-12 4:10, Nguyễn Văn Hớn wrote: [1]hi everybody. when i see the picture.I wonder how do you know certainly server get the logs from agent. because it uses UDP port 1514 udp protocal never check destination have recived packet when it send on network The short answer is you don't.

Re: [ossec-list] how do you know certainly server get the logs from agent. because it uses UDP port 1514

I also thought so very thankful for your help :) Vào 21:19:00 UTC+7 Thứ hai, ngày 12 tháng năm năm 2014, Michael Starks đã viết: On 2014-05-12 4:10, Nguyễn Văn Hớn wrote: [1]hi everybody. when i see the picture.I wonder how do you know certainly server get the logs from agent.