Hi Peter,
Try some tuning at /var/ossec/etc/internal_options.conf
And which directories are you checking with syscheck?
Regards,
Rodrigo Montoro (Sp0oKeR)
On Jan 18, 2008 7:33 AM, Peter Robinson <[EMAIL PROTECTED]> wrote:
>
>
> Hi, OSSEC has been doing a great job for us on around 7 Debian and Ubuntu
> servers for the last few years. Thank you!!
>
> However recently whilst doing some maintenance and server rebuilds we
> have run into problems on 2 machines where we get CPU hitting 90% for
> like 4 days either on analysisd or syscheckd. On one machine (the OSSEC
> server) we removed a large amount of backup ~20 G. On the other machine
> (ossec client to this server) we moved the OSSEC install directory.
>
> Somehow I think the processes are trying to figure out where all this
> data has gone.
>
> We were running on ver 1.2 so I have upgraded to 1.4 using tarball but
> problem happens after a few days. Do you have any solution or guidance
> on how to effectively remove ossec and re-install?
>
> Thanks
>
> Pete
>
>
--
=========================
Rodrigo Ribeiro Montoro
Security Analyst
SnortCP / RHCE / LPIC-I
http://spookerlabs.multiply.com
=========================