Memory usage of the Vulnerability Detection module
29 views
Skip to first unread message
QC L
Sep 17, 2025, 4:19:19 AM (6 days ago) Sep 17
to Wazuh | Mailing List
Hello community,
The worker pod was limited 4GB of memory. Monitoring revealed that wazuh-modulesd was out of memory (OOM). demsg showed 3.6GB of memory usage.
Environment:
Wazuh 4.3.10 image
Vulnerability Detection enabled in ossec.conf
Providers enabled: canonical, debian, redhat, msu, nvd(where nvd includes years: 2005-2025)
cve.db SQLite database total size: 1.9GB
Test:
Vulnerability Detection disabled in ossec.conf, and wazuh-modulesd's memory usage was below 300MB. Vulnerability Detection was enabled in ossec.conf, and monitoring the ossec.log revealed that memory usage gradually increased and did not decrease as each provider's rules were loaded. After the rules were loaded, memory usage soared by 2.3GB. When loading package detection, memory usage increased again, causing an OOM.
Consultation:
After version 4.3.10, before the Vulnerability Detection module was refactored, Are there any changes related to Vulnerability Detection memory leaks? I don't want to upgrade to the latest Wazuh version for the time being.
The worker pod was limited 4GB of memory. Monitoring revealed that wazuh-modulesd was out of memory (OOM). demsg showed 3.6GB of memory usage.
Environment:
Wazuh 4.3.10 image
Vulnerability Detection enabled in ossec.conf
Providers enabled: canonical, debian, redhat, msu, nvd(where nvd includes years: 2005-2025)
cve.db SQLite database total size: 1.9GB
Test:
Vulnerability Detection disabled in ossec.conf, and wazuh-modulesd's memory usage was below 300MB. Vulnerability Detection was enabled in ossec.conf, and monitoring the ossec.log revealed that memory usage gradually increased and did not decrease as each provider's rules were loaded. After the rules were loaded, memory usage soared by 2.3GB. When loading package detection, memory usage increased again, causing an OOM.
Consultation:
After version 4.3.10, before the Vulnerability Detection module was refactored, Are there any changes related to Vulnerability Detection memory leaks? I don't want to upgrade to the latest Wazuh version for the time being.
Manuel Jose Cano Rojo
Sep 17, 2025, 5:38:57 AM (6 days ago) Sep 17
to Wazuh | Mailing List
Hi QC!
You can consult the introduced changes and improvements in each version in the public Wazuh changelog.
You can consult the introduced changes and improvements in each version in the public Wazuh changelog.
Regarding your question, I find the following change that was introduced before the vulnerability detector rework (4.8.0) that may fix your scenario:
- [v4.4.2] Fixed memory leaks in Vulnerability Detector after disk failures. (#16478)
Reply all
Reply to author
Forward
0 new messages