On Mon, Sep 13, 2010 at 10:09 AM, Matt <mgoldsbe...@gmail.com> wrote:
> I recently began using Process Explorer from Sysinternals to monitor
> various aspects of a Windows system that happens to also be running
> the ossec agent. To my surprise, according to Process Explorer,
> ossec-agent.exe is BY FAR the heaviest I/O Reader of any process on the
> system, far more than the next heaviest read I/O process. This really
> surprises me--has anyone else seen this behavior? I fully expected
> the ossec-agent to be lightweight, so perhaps I've misconfigured
> something on my end?
>
Is it a heavy weight or just heavier than other things? It does quite a bit of reading: logs, every file configured to be checked for syscheck, rootcheck, etc. Without more information than "it's more than something else," I'm not sure there's a lot we can do to help.
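
One way to put a number on the syscheck part of that reading, as an added example that is not part of the original thread or OSSEC's own code: it reads the `<syscheck>` section of an `ossec.conf`, walks the monitored directories, and estimates how many bytes one full scan has to read. The sample configuration and the function names are constructed for illustration, and the estimate assumes each scan checksums the full content of every monitored file.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample of an agent ossec.conf <syscheck> section (not from the thread).
SAMPLE_CONF = """<ossec_config>
  <syscheck>
    <frequency>7200</frequency>
    <directories check_all="yes">{dirs}</directories>
  </syscheck>
</ossec_config>"""


def syscheck_settings(conf_text):
    """Return (frequency_seconds, [directories]) from ossec.conf text."""
    # ossec.conf may hold several <ossec_config> blocks, so wrap them in one root.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    freq = int(root.findtext(".//syscheck/frequency", default="0"))
    dirs = []
    for node in root.iterfind(".//syscheck/directories"):
        dirs += [d.strip() for d in (node.text or "").split(",") if d.strip()]
    return freq, dirs


def estimate_scan_reads(conf_text):
    """Count files and bytes under the monitored directories for one full scan."""
    freq, dirs = syscheck_settings(conf_text)
    files = total = 0
    for top in dirs:
        for base, _subdirs, names in os.walk(top):
            for name in names:
                try:
                    total += os.path.getsize(os.path.join(base, name))
                    files += 1
                except OSError:
                    pass  # file vanished or is unreadable; skip it
    # Assumption: every byte is read once per scan, spread over the scan interval.
    rate = total / freq if freq else None
    return {"files": files, "bytes": total, "frequency": freq, "avg_bytes_per_sec": rate}


if __name__ == "__main__":
    # Demo on a constructed temporary directory instead of a real agent install.
    with tempfile.TemporaryDirectory() as d:
        for i in range(3):
            with open(os.path.join(d, f"f{i}.bin"), "wb") as fh:
                fh.write(b"\0" * 1024)
        print(estimate_scan_reads(SAMPLE_CONF.format(dirs=d)))
```

Comparing the `bytes` figure with the read counter Process Explorer shows for `ossec-agent.exe` over one scan interval indicates how much of the I/O is syscheck rather than log reading or rootcheck.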