Exactly, it looks like curl processes are not exiting.

On Saturday, 22 July 2017 19:36:03 UTC+2, dan (ddpbsd) wrote:
>
> On Sat, Jul 22, 2017 at 5:59 AM, Marcin Gołębiowski <marcin.gol...@gmail.com> wrote:
> > Good day to you all,
> > I have a problem with OSSEC/Slack integration. OSSEC version 2.9.0. For an
> > unknown reason, the ossec-slack script fires hundreds of curl processes when
> > sending data from alerts.log to the Slack channel, basically draining all the
> > memory (one process takes ~180 MB). What could be the reason? The size of
> > the alerts.log file is usually under 1MB.
> > The bash script portion responsible for sending data to the Slack channel
> > remained unmodified:
> >
>
> Are the curl processes not exiting? I don't use it, so I'm not
> entirely sure how to go about debugging it.
>
> > ALERTFULL=`grep -A 10 "$ALERTTIME" ${PWD}/../logs/alerts/alerts.log | grep -v ".$ALERTLAST: " -A 10 | grep -v "Src IP: " | grep -v "User: " |grep "Rule: " -A 4 | cut -c -139 | sed 's/\"//g'`
> >
> > PAYLOAD='{"channel": "'"$CHANNEL"'", "username": "'"$SLACKUSER"'", "text": "'"${ALERTFULL}"'"}'
> >
> > ls "`which curl`" > /dev/null 2>&1
> > if [ ! $? = 0 ]; then
> >     ls "`which wget`" > /dev/null 2>&1
> >     if [ $? = 0 ]; then
> >         wget --keep-session-cookies --post-data="${PAYLOAD}" ${SITE} 2>>${PWD}/../logs/active-responses.log
> >         exit 0;
> >     fi
> > else
> >     curl -X POST --data-urlencode "payload=${PAYLOAD}" ${SITE} 2>>${PWD}/../logs/active-responses.log
> >     exit 0;
> > fi
> >
> > --
> >
> > ---
> > You received this message because you are subscribed to the Google Groups
> > "ossec-list" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to ossec-list+...@googlegroups.com.
> > For more options, visit https://groups.google.com/d/optout.
>