GRR Rapid Response: remote live forensics for incident response
This message was deleted
Carl Henrik Lunde
How many concurrently open files should I expect on a data server? I'm seeing ~700 now, it looks like systemd defaults to 1024 as I limit and at some point I've reached that. Ref. google/grr#395
I'm wondering if there's a third issue with my setup, that I should not be close to 1024 anyway with just a handfull clients for testing. Now (with 700 files open on two data nodes) I have 700 files/sockets open.
@chlunde yes, set it big if you're using the sqlite datastore
@yskwon0830_twitter we use UTC everywhere, you should set the server to UTC. Supporting anything else is complicated, error prone, and a waste of time for us (there is no timezone we could pick that would make any sense).
@yskwon0830_twitter also, users mailing list will probably get you a faster reply next time
i'd need some help with my first flow. I've made a dummy py file, added to the registry_init file but now the server just doesn't start
I probably screw it but don't know where or what. I made my test directly into the path -> /usr/share/grr-server/lib/python2.7/site-packages/grr/lib/flows/general
k, going to post at github forum
hey, yeah, stick it in an email with the backtrace of what happened when the server wouldn't start
Could anyone tell me if you can configure grr to run commands like taskkill and such ad hoc?