Can't increase the fyle_limit on syscheck #23430
Replies: 2 comments 5 replies
-
What's the output of this https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_agent_config GET /agents/<agent_id>/config/syscheck/syscheck Replace the agent_id with the right one I'd expect something like this "data": {
"syscheck": {
"disabled": "no",
"frequency": 43200,
"skip_nfs": "yes",
"skip_dev": "yes",
"skip_sys": "yes",
"skip_proc": "yes",
"scan_on_start": "yes",
"max_files_per_second": 0,
"file_limit": {
"enabled": "yes",
"entries": 150000
},
... |
Beta Was this translation helpful? Give feedback.
4 replies
-
Yup it's working, I guess I just typed something wrong. Thanks |
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
So, I have a machine that I want to increase the file limit because it is giving me the error
"The maximum limit of files monitored has been reached. At this moment there are 100000 files and the limit is 100000. From this moment some events can be lost. You can modify this setting in the centralized configuration or locally in the agent."
So I went to
/var/ossec/etc/ossec.conf
and added to the bottom of the syscheck directive thisand restarted the wazuh-agent service, as it says on the documentation:
https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/syscheck.html#file-limit
But it continues to give me the exact same error. Why?
Beta Was this translation helpful? Give feedback.
All reactions