We haven't touched configuration in internal_options nor in syscheck configs and had been running fine for over 2 years then bam!
As part of the syscheck, is there some internal store of data which has gotten into a mess? If so, can I delete it and restart? thanks Pete On Fri, 2008-01-18 at 10:17 -0200, Rodrigo Montoro (Sp0oKeR) wrote: > Hi Peter, > Try some tunning at /var/ossec/etc/internal_options.conf > And which directories are you checking with syscheck? > > Regards, > > Rodrigo Montoro (Sp0oKeR) > > > On Jan 18, 2008 7:33 AM, Peter Robinson <[EMAIL PROTECTED]> wrote: > > > > > > Hi OSSEC has been doing a great job for us on around 7 Debian and Ubuntu > > servers for the last few years. Thank you !! > > > > However recently whilst doing some maintenance and server rebuilds we > > have run into problems on 2 machines were we get CPU hitting 90% for > > like 4 days either on analysisd or syscheckd. On one machine (the OSSEC > > server) we removed a large amount of backup ~20 G. On the other machine > > (ossec client to this server) we moved the OSSEC install directory. > > > > Somehow I think the processes are trying to figure out where all this > > data has gone. > > > > We were running on ver 1.2 so I have upgraded to 1.4 using tarball but > > problem happens after a few days. Do you have any solution or guidance > > on how to effectively remove ossec and re-install? > > > > Thanks > > > > Pete > > > > > > >
