10

We have a data-center, and as a happy OSSEC user I am trying to convince my management to use it for host intrusion detection. However, I have never deployed it on more than a handful of servers and I am not sure if it scales.

Has anyone deployed OSSEC on a large scale (say 500+ servers)? Does it scale?

quanta
lisa1987

2 Answers

6

I help manage an existing deployment of 3300+ agents using a single OSSEC server that generates ~300k alerts every 24 hours.

From the OSSEC newsgroup and from direct communications I know of several OSSEC installations that go well beyond 6000 agents (typically configured using multiple OSSEC servers).

Things that we did that helped:

Tate Hansen
1

Discussion on the OSSEC list says that, with a recompile, a server can host tons of agents (the poster there, who I believe is the founder of OSSEC, says he has tried 2048).

Bill Weiss