ossec-Maild CPU Usage 95% +

25 views
Skip to first unread message

SHADO

unread,
Apr 1, 2020, 12:58:13 PM4/1/20
to ossec-list
Hi!

Did a new install on Ubuntu 18.04 LTS and ossec-Maild is hogging the CPU.


ossecm    PID     1 78 Mar31 ?        07:34:06 /var/ossec/bin/ossec-maild
                                 

 PID USER        PRI   NI  VIRT   RES    SHR   S  CPU%  MEM%   TIME+  Command

PID ossecm     20   0 24756  2768  2512 R 96.0  0.0  7h38:20 /var/ossec/bin/ossec-maild




Have stopped and restart.


Have rebooted.


CPU is low until ossec-maild kicks off.



Suggestions?


Regards

SHADO

Zach Vanderbilt

unread,
Apr 1, 2020, 1:08:25 PM4/1/20
to ossec...@googlegroups.com
What is your mail server doing? Is that responding okay? You could try running ossec-maild in the foreground with the debug flag ( -d) to see if anything interesting appears. 

--

---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/460a4b27-be7c-4c84-af3a-e1eaed037372%40googlegroups.com.

dan (ddp)

unread,
Apr 1, 2020, 1:16:25 PM4/1/20
to ossec...@googlegroups.com
Which version of OSSEC?
Anything in the ossec.log on the server?

SHADO

unread,
Apr 1, 2020, 3:13:37 PM4/1/20
to ossec-list
2020/04/01 12:54:01 ossec-maild [dns]: ERROR: connect() failed.
2020/04/01 12:54:01 ossec-maild: ERROR: DNS failure for smtpserver
2020/04/01 12:54:01 ossec-maild: ERROR: No socket.
2020/04/01 12:54:27 ossec-maild(1261): ERROR: Waiting for child process. (status: 256).
2020/04/01 12:54:27 ossec-maild(1223): ERROR: Error Sending email to mail.DOMAIN.com. (smtp server)
2020/04/01 12:58:02 ossec-maild: DEBUG: Running OS_Sendmail()
2020/04/01 12:59:06 ossec-maild [dns]: ERROR: connect() failed.
2020/04/01 12:59:06 ossec-maild: ERROR: DNS failure for smtpserver
2020/04/01 12:59:06 ossec-maild: ERROR: No socket.



Not sure if it was my late night fat fingers but somehow smtp.DOMAIN.com became mail.DOMAIN.com.


Changed it back to smtp.DOMAIN.com, restarted OSSEC and the CPU seems to be back to its normal utilization levels.


Thanks for the nudge to look at the logs.  Was feeling a little lazy after what seemed like a never ending day.


Stay Safe.



On Wednesday, April 1, 2020 at 1:16:25 PM UTC-4, dan (ddpbsd) wrote:

On Wed, Apr 1, 2020 at 12:58 PM SHADO <smar...@gmail.com> wrote:
>
> Hi!
>
> Did a new install on Ubuntu 18.04 LTS and ossec-Maild is hogging the CPU.
>
>
> ossecm    PID     1 78 Mar31 ?        07:34:06 /var/ossec/bin/ossec-maild
>
>
>  PID USER        PRI   NI  VIRT   RES    SHR   S  CPU%  MEM%   TIME+  Command
>
> PID ossecm     20   0 24756  2768  2512 R 96.0  0.0  7h38:20 /var/ossec/bin/ossec-maild
>
>
>
>
> Have stopped and restart.
>
>
> Have rebooted.
>
>
> CPU is low until ossec-maild kicks off.
>
>

Which version of OSSEC?
Anything in the ossec.log on the server?


>
> Suggestions?
>
>
> Regards
>
> SHADO
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to ossec...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages