Hello,
One of my OSSEC servers is always busy (100% CPU) for some days, with ossec-remoted between 90% and 100% CPU. This server manages about 65 agents only. What can explain this high CPU utilization and how can I solve it? I already restarted OSSEC services and the whole server.
Cordialement / Kind regards
Sylvain Crouet
Security Officer - Security is everybody’s responsibility
Mobile +33 (0) 7 75 24 10 28
Neocase™ Software is a leading provider of integrated HR and Finance service delivery solutions.
Hello,
How can I identify the agent on which I should do that? I already stopped the most verbose agents, and there is no change on CPU.
Cordialement / Regards
Sylvain Crouet
Security Officer - Security is everybody’s responsibility
Mobile +33 (0) 7 75 24 10 28
--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
ossec-list+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Done, very informative indeed. Thank you Brett.
Cordialement / Regards
Sylvain Crouet
Security Officer - Security is everybody’s responsibility
Mobile +33 (0) 7 75 24 10 28
Hello,
I updated the shared agent.conf file to discard some Windows events. But I notice that Windows 2.9.0 agents do not receive this shared configuration file, while 2.8.3 and 2.9.2 do. Below is the output of the deployment checking script:
Current version: c0db7baf32df4a94479756bd6a8c2e63
001 v2.8.3/c0db7baf32df4a94479756bd6a8c2e63 OK
002 v2.8.3/c0db7baf32df4a94479756bd6a8c2e63 OK
003 v2.8.3/c0db7baf32df4a94479756bd6a8c2e63 OK
004 v2.8.3/c0db7baf32df4a94479756bd6a8c2e63 OK
005 v2.8.3/c0db7baf32df4a94479756bd6a8c2e63 OK
007 v2.8.3/c0db7baf32df4a94479756bd6a8c2e63 OK
008 v2.8.3/c0db7baf32df4a94479756bd6a8c2e63 OK
009 v2.8.3/c0db7baf32df4a94479756bd6a8c2e63 OK
010 v2.8.3/c0db7baf32df4a94479756bd6a8c2e63 OK
011 v2.8.3/c0db7baf32df4a94479756bd6a8c2e63 OK
012 v2.8.3/c0db7baf32df4a94479756bd6a8c2e63 OK
013 v2.8.3/c0db7baf32df4a94479756bd6a8c2e63 OK
014 v2.8.3/c0db7baf32df4a94479756bd6a8c2e63 OK
015 v2.8.3/c0db7baf32df4a94479756bd6a8c2e63 OK
016 v2.8.3/c0db7baf32df4a94479756bd6a8c2e63 OK
017 v2.8.3/c0db7baf32df4a94479756bd6a8c2e63 OK
018 v2.9.0/3757083ea8656e6141cafb893b55488b NOK
019 v2.9.0/3757083ea8656e6141cafb893b55488b NOK
022 v2.8.3/c0db7baf32df4a94479756bd6a8c2e63 OK
023 v2.8.3/c0db7baf32df4a94479756bd6a8c2e63 OK
024 v2.9.0 NOK
025 v2.9.0 NOK
The OSSEC server version is 2.9.2.
Any idea?
Cordialement / Regards
Sylvain Crouet
Security Officer - Security is everybody’s responsibility
Mobile +33 (0) 7 75 24 10 28
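
A way to triage output in the format quoted above, as an added example (not part of the original post and not the poster's checking script): it compares each agent's reported checksum with the current one itself, separating agents that hold a different agent.conf from agents that report no checksum at all. The sample rows and shortened hashes are constructed, and the line format is assumed from the output shown in the message.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the output quoted in the message
# (hashes are shortened placeholders, not real checksums).
SAMPLE = """\
Current version: aaaa1111
001 v2.8.3/aaaa1111 OK
002 v2.8.3/aaaa1111 OK
018 v2.9.0/bbbb2222 NOK
024 v2.9.0 NOK
030 v2.9.2/aaaa1111 OK
"""

# Agent row: id, version, optional "/checksum", then the script's own verdict.
ROW = re.compile(r"^(\d+)\s+v([\d.]+)(?:/([0-9a-f]+))?\s+(OK|NOK)\s*$")

def triage(report):
    """Group agents by version and classify each one's shared-config state."""
    current = None
    by_version = defaultdict(lambda: {"current": [], "stale": [], "missing": []})
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("Current version:"):
            current = line.split(":", 1)[1].strip()
            continue
        m = ROW.match(line)
        if not m:
            continue  # skip anything that is not an agent row
        agent_id, version, checksum, _verdict = m.groups()
        if checksum is None:
            state = "missing"   # agent reported no checksum
        elif checksum == current:
            state = "current"   # agent holds the current shared config
        else:
            state = "stale"     # agent holds a different shared config
        by_version[version][state].append(agent_id)
    return current, dict(by_version)

def versions_never_current(by_version):
    """Versions for which no agent holds the current checksum."""
    return sorted(v for v, s in by_version.items() if not s["current"])

if __name__ == "__main__":
    current, groups = triage(SAMPLE)
    print("current checksum:", current)
    for version in sorted(groups):
        print(version, groups[version])
    print("versions with no up-to-date agent:", versions_never_current(groups))
```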