Exactly, it looks like curl processes are not exiting.

On Saturday, 22 July 2017 19:36:03 UTC+2, dan (ddpbsd) wrote:
>
> On Sat, Jul 22, 2017 at 5:59 AM, Marcin Gołębiowski 
> <marcin.gol...@gmail.com> wrote: 
> > Good day to you all, 
> > I have a problem with OSSEC/Slack integration. OSSEC version 2.9.0. For an
> > unknown reason, the ossec-slack script fires hundreds of curl processes when
> > sending data from alerts.log to the Slack channel, basically draining all the
> > memory (one process takes ~180 MB). What could be the reason? The size of the
> > alerts.log file is usually under 1MB. 
> > The bash script portion responsible for sending data to the Slack channel
> > remained unmodified: 
> > 
>
> Are the curl processes not exiting? I don't use it, so I'm not 
> entirely sure how to go about debugging it. 
>
> > ALERTFULL=`grep -A 10 "$ALERTTIME" ${PWD}/../logs/alerts/alerts.log | grep -v ".$ALERTLAST: " -A 10 | grep -v "Src IP: " | grep -v "User: " |grep "Rule: " -A 4 | cut -c -139 | sed 's/\"//g'` 
> > 
> > 
> > PAYLOAD='{"channel": "'"$CHANNEL"'", "username": "'"$SLACKUSER"'", "text": "'"${ALERTFULL}"'"}' 
> > 
> > 
> > ls "`which curl`" > /dev/null 2>&1 
> > if [ ! $? = 0 ]; then 
> >     ls "`which wget`" > /dev/null 2>&1 
> >     if [ $? = 0 ]; then 
> >         wget --keep-session-cookies --post-data="${PAYLOAD}" ${SITE} 2>>${PWD}/../logs/active-responses.log 
> >         exit 0; 
> >     fi 
> > else 
> >     curl -X POST --data-urlencode "payload=${PAYLOAD}" ${SITE} 2>>${PWD}/../logs/active-responses.log 
> >     exit 0; 
> > fi 

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
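
An added example, not part of the thread and not OSSEC's own ossec-slack script: whatever keeps the curl processes alive, capping each sender's lifetime stops them from accumulating and exhausting memory. The function names and time limits are assumptions, `SITE` is the webhook URL variable from the quoted script, and coreutils `timeout` is assumed to be installed.

```shell
#!/bin/sh
# Added example: bound the lifetime of every Slack send so hung processes cannot pile up.
# Assumptions: GNU coreutils `timeout` is available; the limits below are illustrative.

MAX_SECS="${MAX_SECS:-15}"      # hard wall-clock limit for one send (hypothetical default)
KILL_GRACE="${KILL_GRACE:-2}"   # seconds between SIGTERM and the follow-up SIGKILL

# run_bounded LIMIT CMD [ARGS...]
# Runs CMD and sends it SIGTERM after LIMIT seconds, then SIGKILL after
# KILL_GRACE more seconds if it is still alive.
# Returns CMD's own status, or 124 when the limit was hit (timeout's convention).
run_bounded() {
    limit="$1"
    shift
    timeout -k "$KILL_GRACE" "$limit" "$@"
}

# send_to_slack PAYLOAD
# Posts PAYLOAD to $SITE. curl's own --connect-timeout/--max-time cover a stalled
# network; the outer run_bounded covers curl getting stuck for any other reason.
send_to_slack() {
    run_bounded "$MAX_SECS" \
        curl --silent --show-error \
             --connect-timeout 5 --max-time 10 \
             -X POST --data-urlencode "payload=$1" "$SITE"
    rc=$?
    if [ "$rc" -eq 124 ]; then
        # Leave a trace so repeated timeouts are visible to whoever reads the log.
        echo "$(date) slack send terminated after ${MAX_SECS}s" >&2
    fi
    return "$rc"
}
```

Call `send_to_slack "$PAYLOAD" 2>>"${PWD}/../logs/active-responses.log"` in place of the bare curl line so timeouts are recorded in the same log the script already writes to.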
