[Windows] [Wazuh] [Memory leak]


EXP

May 29, 2019, 3:46:35 AM
to ossec-list
Hi!

wazuh version: 3.8.0-1

windows: Server 2012 R2 Standard 6.2.9200 x86_64

I found a memory leak problem on Windows.

When wazuh was just started, it used about 8M of memory:

1.png

But it takes up about 0.2M per min.

I waited a long time (about 2 days), and it used 450M of memory:

2.png

This is the memory situation of my machine for the last 2 weeks:

3.png


dan (ddp)

May 29, 2019, 7:13:48 AM
to ossec...@googlegroups.com
Does this also happen if you use OSSEC?
What is your configuration?


Cristina Garrido López

May 29, 2019, 9:09:27 AM
to ossec-list
Hi EXP,

Wazuh v3.8.0 was released with a memory leak, as you have seen, which was fixed for the next release. You can now download the new version, which is 3.9.1, where the EventChannel log format has been enhanced with a new organization for the ruleset and some additional fields which were being shown as codes in the event. I hope this information is useful to you.

Kind regards,
Cristina

EXP

May 29, 2019, 11:00:03 PM
to ossec-list
Hi, Cristina

Do you know which module is causing it?
I want to disable it first.
Because I have about 1000 machines, and if I upgrade the agent, the manager must be upgraded and tested again.
And you and I can't guarantee that there are no more problems after the upgrade.

Thank you!
   


EXP

May 29, 2019, 11:05:05 PM
to ossec-list
yes, all windows happen


On Wednesday, May 29, 2019 at 7:13:48 PM UTC+8, dan (ddpbsd) wrote:
> Does this also happen if you use OSSEC?
> What is your configuration?

Cristina Garrido López

May 30, 2019, 4:38:07 AM
to ossec-list
Hi EXP,

The module is logcollector. These leaks will be gone if you remove every localfile block with the eventchannel log format. Also, as an alternative, you can replace every localfile with the eventchannel log format by eventlog so that the events are returned in another format; this won't cause the memory leak to happen.

Kind regards,
Cristina
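
The workaround described in the reply above, sketched as a rewrite of an agent's ossec.conf (an added example, not code from this thread or from the Wazuh project). It assumes, from the Wazuh documentation rather than from this thread, that eventlog only reads the classic Application, Security and System logs and that `<query>` is an eventchannel-only option, so other channels are removed instead of converted; `apply_workaround` and the sample configuration are constructed for illustration.

```python
import re

# Assumption (Wazuh docs, not this thread): eventlog only reads the classic
# logs below, and <query> is an eventchannel-only option.
CLASSIC_LOGS = {"application", "security", "system"}
LOCALFILE_RE = re.compile(r"[ \t]*<localfile>.*?</localfile>[ \t]*\n?", re.S)
FORMAT_RE = re.compile(r"<log_format>\s*eventchannel\s*</log_format>", re.I)
LOCATION_RE = re.compile(r"<location>\s*(.*?)\s*</location>", re.S)
QUERY_RE = re.compile(r"[ \t]*<query>.*?</query>[ \t]*\n?", re.S)

def apply_workaround(conf_text):
    """Return (new_conf, report) with no eventchannel localfile blocks left."""
    report = []
    def rewrite(match):
        block = match.group(0)
        if not FORMAT_RE.search(block):
            return block  # syslog, eventlog, command, ... stay untouched
        loc = LOCATION_RE.search(block)
        location = loc.group(1) if loc else "<missing>"
        if location.lower() in CLASSIC_LOGS:
            block = FORMAT_RE.sub("<log_format>eventlog</log_format>", block)
            report.append((location, "switched to eventlog"))
            return QUERY_RE.sub("", block)
        report.append((location, "removed"))
        return ""

    return LOCALFILE_RE.sub(rewrite, conf_text), report

# Constructed sample agent configuration, not taken from the thread.
SAMPLE_CONF = """<ossec_config>
  <localfile>
    <location>Security</location>
    <log_format>eventchannel</log_format>
    <query>Event/System[EventID != 5145]</query>
  </localfile>
  <localfile>
    <location>Microsoft-Windows-Sysmon/Operational</location>
    <log_format>eventchannel</log_format>
  </localfile>
  <localfile>
    <location>active-response\\active-responses.log</location>
    <log_format>syslog</log_format>
  </localfile>
</ossec_config>
"""

if __name__ == "__main__":
    new_conf, actions = apply_workaround(SAMPLE_CONF)
    print(actions, new_conf, sep="\n")
```

Review the report before rolling the result out: every "removed" entry is a channel the agent stops collecting until it runs a fixed version.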

EXP

Jun 12, 2019, 3:47:37 AM
to ossec-list
Hi Cristina,

When I upgraded to 3.9.1, the memory was no problem, but the CPU kept staying at 30% forever...
If I do anything (e.g. AR), it goes to 100%.
What can I do?

11.png





Cristina Garrido López

Jun 24, 2019, 2:19:37 AM
to ossec-list
Hi EXP, and sorry for the late response.

Can you share your system's specs?
Which script are you trying to run with AR? Have you built a custom one?

Kind regards,
Cristina