G'day all,
I setup ossec on one of our non-critical windows 2003 servers to test it out and have been pretty happy with it for the last month. Unfortunately it has gobbled up an obscene amount of handles, somewhere in the range of 890k. Using process explorer I found that most of the handles, I don't think it showed me all 890k, were for registry keys. I'm using an almost vanilla configuration file. I restarted the service about an hour ago and we're back up to 13k handles right now. Another machine that I've been testing it on is up to 134k handles so it's not completely localized to that one machine. I really have little coding experience and little knowledge of Windows at this level so please let me know what other information would be useful. Thanks, Luke Bradeen
