Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reduce High Volume of Inventory Events Generated by Agent #407

Open
vikman90 opened this issue Dec 10, 2024 · 0 comments
Open

Reduce High Volume of Inventory Events Generated by Agent #407

vikman90 opened this issue Dec 10, 2024 · 0 comments
Labels
level/task Task issue module/inventory Inventory module type/change Change performed in a resource or Wazuh Cloud environment

Comments

@vikman90
Copy link
Member

Description

The Wazuh agent performs regular system inventory synchronization. By default, it is configured to inventory all supported data, including:

  • Active processes
  • Open ports
  • Ports in use

Both active processes and ports in use tend to change frequently, resulting in a significant volume of stateful synchronization messages (create/delete events). While this behavior is expected given the current configuration, it can lead to an overload of events and potentially impact system performance.

Proposal

To reduce the volume of inventory synchronization messages, we propose disabling the following inventory options:

  • Processes inventory: Disable inventory of active processes.
  • Ports in use inventory: Disable inventory of ports in use.

These options can be adjusted in the agent configuration as follows:

processes: false
ports_all: false

This adjustment is expected to significantly reduce the number of inventory-related events without affecting other critical functionalities.
@vikman90 vikman90 added level/task Task issue type/change Change performed in a resource or Wazuh Cloud environment module/inventory Inventory module labels Dec 10, 2024
@vikman90 vikman90 changed the title Reduce High Volume of Inventory Events (Create/Delete) Generated by Agent Reduce High Volume of Inventory Events Generated by Agent Dec 10, 2024
@wazuhci wazuhci moved this to Backlog in Release 5.0.0 Dec 11, 2024
@wazuhci wazuhci removed this from Release 5.0.0 Dec 16, 2024
@wazuhci wazuhci moved this to Backlog in Release 5.0.0 Dec 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
level/task Task issue module/inventory Inventory module type/change Change performed in a resource or Wazuh Cloud environment
Projects
Release 5.0.0
Status: Backlog
Milestone
No milestone
Development

No branches or pull requests
1 participant
@vikman90