Hi,

OSSEC has been doing a great job for us on around 7 Debian and Ubuntu servers for the last few years. Thank you!!

However, recently, whilst doing some maintenance and server rebuilds, we have run into problems on 2 machines where we get CPU hitting 90% for like 4 days, either on analysisd or syscheckd. On one machine (the OSSEC server) we removed a large amount of backup, ~20 G. On the other machine (OSSEC client to this server) we moved the OSSEC install directory. Somehow I think the processes are trying to figure out where all this data has gone. We were running on ver 1.2, so I have upgraded to 1.4 using the tarball, but the problem happens after a few days.

Do you have any solution or guidance on how to effectively remove OSSEC and re-install?

Thanks,
Pete
