Hi Luke, Thanks for the bug report. That was indeed a file descriptor leak on the registry reader, so we don't need any additional information.
There is a fix for it in the lastest stable snapshot for Windows: http://www.ossec.net/files/snapshots/ossec-win32-070525.exe Sorry for taking so long to reply to you. I was without access to my windows development system for the last two weeks and unable to take a look at this issue. If you can try this version and let us know how it goes, it would be great. Thanks, -- Daniel B. Cid dcid ( at ) ossec.net On 5/16/07, Luke Bradeen <[EMAIL PROTECTED]> wrote: > > > > > G'day all, > > > > I setup ossec on one of our non-critical windows 2003 servers to test it out > and have been pretty happy with it for the last month. > > Unfortunately it has gobbled up an obscene amount of handles, somewhere in > the range of 890k. Using process explorer I found that most of the handles, > I don't think it showed me all 890k, were for registry keys. I'm using an > almost vanilla configuration file. I restarted the service about an hour ago > and we're back up to 13k handles right now. Another machine that I've been > testing it on is up to 134k handles so it's not completely localized to that > one machine. > > I really have little coding experience and little knowledge of Windows at > this level so please let me know what other information would be useful. > > > > Thanks, > > > > Luke Bradeen
