High CPU utilization with Windows Agent
488 views
Skip to first unread message
Black CryptoKnight
Nov 7, 2006, 6:22:42 PM11/7/06
to ossec...@ossec.net
Just passing on something I figured out.
I had been experiencing high CPU utilization (maxed out at 100%) when the Windows OSSEC agent was installed on one of my Windows 2003 servers while on other servers, CPU utilization was very low. It made now sense to me, because the servers were similar, and had very good specs. I finally figured out what the cause was. On the server that was having high CPU utilization, I had configured it to audit object access. This generated many many security event log entries. Once I turned that off, the CPU utilization of the OSSEC agent dropped right down to an average of 4%.
Cheap Talk? Check out Yahoo! Messenger's low PC-to-Phone call rates.
I had been experiencing high CPU utilization (maxed out at 100%) when the Windows OSSEC agent was installed on one of my Windows 2003 servers while on other servers, CPU utilization was very low. It made now sense to me, because the servers were similar, and had very good specs. I finally figured out what the cause was. On the server that was having high CPU utilization, I had configured it to audit object access. This generated many many security event log entries. Once I turned that off, the CPU utilization of the OSSEC agent dropped right down to an average of 4%.
Cheap Talk? Check out Yahoo! Messenger's low PC-to-Phone call rates.
Daniel Cid
Nov 9, 2006, 8:42:32 PM11/9/06
to ossec...@googlegroups.com
Thanks for the information. Btw, if you have some time, it would be very good
to add this kind of information to the wiki. I know some people had problems
with high CPU utilization and having some tips in a centralized location would
be good.
to add this kind of information to the wiki. I know some people had problems
with high CPU utilization and having some tips in a centralized location would
be good.
Thanks for sharing.
--
Daniel B. Cid
dcid ( at ) ossec.net
Black CryptoKnight
Nov 11, 2006, 2:48:20 AM11/11/06
to ossec...@googlegroups.com
Hi Daniel,
I have created a wiki entry for my findings on high CPU utilization with the Windows agent. It is linked to in the tutorial section and can be found at this linkk: http://www.ossec.net/wiki/index.php/High_CPU_usage_on_Windows_agent
Daniel Cid <danie...@gmail.com> wrote:
Visit Jamaica's Tech Portal http://www.techjamaica.com
Want to start your own business? Learn how on Yahoo! Small Business.
I have created a wiki entry for my findings on high CPU utilization with the Windows agent. It is linked to in the tutorial section and can be found at this linkk: http://www.ossec.net/wiki/index.php/High_CPU_usage_on_Windows_agent
Daniel Cid <danie...@gmail.com> wrote:
Thanks for the information. Btw, if you have some time, it would be very good
to add this kind of information to the wiki. I know some people had problems
with high CPU utilization and having some tips in a centralized location would
be good.
Thanks for sharing.
--
Daniel B. Cid
dcid ( at ) ossec.net
On 11/7/06, Black CryptoKnight wrote:
> Just passing on something I figured out.
>
> I had been experiencing high CPU utilization (maxed out at 100%) when the
> Windows OSSEC agent was installed on one of my Windows 2003 servers while on
> other servers, CPU utilization was very low. It made now sense to me,
> because the servers were similar, and had very good specs. I finally figured
> out what the cause was. On the server that was having high CPU utilization,
> I had configured it to audit object access. This generated many many
> security event log entries. Once I turned that off, the CPU utilization of
> the OSSEC agent dropped right down to an average of 4%.
>
>
>
>
> ________________________________
> Cheap Talk? Check out Yahoo! Messenger's low PC-to-Phone call rates.
>
>
Visit Jamaica's Tech Portal http://www.techjamaica.com
Want to start your own business? Learn how on Yahoo! Small Business.
Reply all
Reply to author
Forward
0 new messages