Hi,
I installed alienvault ossim on my proxmox cluster as a siem solution of my network.
Infact I guess this question can be more related with ossim itself than proxmox, but
i would like to know your experience.
Running proxmox machine has 2x4-core xeon e5410 with 16gb ram.
Ossim uses 3 cores of host cpu, because of ssse3 requirement of ossim and 7gb of ram.
On the same machine there is only one guest running additionally, which is a relatively lightweigth pihole/isc-dhcp server,
and it has a cpu load of almost none.
Ossim guest is consuming 100% cpu of 3 cores almost all time, i see python processes are taking all.
I know my server has obsolote cpus according to day but i saw that it can handle a lot of things before.
Ossim installation is new and I didnt bind any data source to ossim, just itself.
I did all updates and upgrades of ossim and to proxmox too.
I didnt try ossim on a dedicated machine so i have no experience what it will do on a standalone server.
What are your thoughts or experiences if you had about this max cpu usage ?
I learned that siem product is a kind of complex, relatively heavy solution but i havent load it now other than its default settings by now.
Can the problem be running in a virtual machine?
Thanks
I installed alienvault ossim on my proxmox cluster as a siem solution of my network.
Infact I guess this question can be more related with ossim itself than proxmox, but
i would like to know your experience.
Running proxmox machine has 2x4-core xeon e5410 with 16gb ram.
Ossim uses 3 cores of host cpu, because of ssse3 requirement of ossim and 7gb of ram.
On the same machine there is only one guest running additionally, which is a relatively lightweigth pihole/isc-dhcp server,
and it has a cpu load of almost none.
Ossim guest is consuming 100% cpu of 3 cores almost all time, i see python processes are taking all.
I know my server has obsolote cpus according to day but i saw that it can handle a lot of things before.
Ossim installation is new and I didnt bind any data source to ossim, just itself.
I did all updates and upgrades of ossim and to proxmox too.
I didnt try ossim on a dedicated machine so i have no experience what it will do on a standalone server.
What are your thoughts or experiences if you had about this max cpu usage ?
I learned that siem product is a kind of complex, relatively heavy solution but i havent load it now other than its default settings by now.
Can the problem be running in a virtual machine?
Thanks