[prev in list] [next in list] [prev in thread] [next in thread]
List: ossec-list
Subject: Re: [ossec-list] Feature Requests ?
From: "--[ UxBoD ]--" <uxbod () splatnix ! net>
Date: 2009-12-31 14:43:08
Message-ID: 31768761.610.1262270588245.JavaMail.root () office ! splatnix ! net
[Download RAW message or body]
----- "dan (ddp)" <ddpbsd@gmail.com> wrote:
| On Tue, Dec 29, 2009 at 2:08 PM, --[ UxBoD ]-- <uxbod@splatnix.net>
| wrote:
| >
| > Appreciate your response; though as syscheck runs as root it is very
| hard to set via limits.conf as it would effect all root processes. I
| thought about adding ossec as a supplementary group to root and using
| that to reset the priority via limits.conf but I believe it only looks
| at the primary group. Do you believe this request would be feasible
| or should I look at alternative methods; though it would offer greater
| flexibility via the shared agent configuration of OSSEC.
| >
| > Thanks.
| >
|
| I don't know how easy it would be to add it into the ossec code, but
| I
| imagine it wouldn't be too difficult to hack it into the
| ossec-control
| script.
| You could add a NICE=0 near the top (keep it at the current level by
| default).
| Then in the stop) section, renice the appropriate pids if NICE != 0.
|
| Not quite as elegant as adding the functionality into ossec itself,
| but quick and easy.
Dan,
agreed that would be a quick and easy change; though how easy would it be to implement the following:
modifying runcheck.c and changing:
#ifdef SCHED_BATCH
struct sched_param pri;
int status;
pri.sched_priority = 0;
status = sched_setscheduler(0, SCHED_BATCH, &pri);
debug1("%s: Setting SCHED_BATCH returned: %d", ARGV0, status);
#endif
to something like:
#ifdef SCHED_BATCH
struct sched_param pri;
int status;
pri.sched_priority = syscheck.nice;
status = sched_setscheduler(0, SCHED_BATCH, &pri);
debug1("%s: Setting SCHED_BATCH returned: %d", ARGV0, status);
#endif
where syscheck.nice can be defined in config.c:
syscheck.nice = 0
and a new option:
<nice>10</nice>
with that the priority could be defined within shared/agent.conf and pushed out to the clients.
Thank you - Awesome product!
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic