Hi Matt,

It is very heavy during the time it is running the integrity checking scans since it reads every single file and registry you configured it to monitor.
Outside this period, the load should not be high at all (unless you are monitoring a lot of logs per sec).

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net

On Mon, Sep 13, 2010 at 12:30 PM, dan (ddp) <ddp...@gmail.com> wrote:
> On Mon, Sep 13, 2010 at 10:09 AM, Matt <mgoldsbe...@gmail.com> wrote:
>> I recently began using Process Explorer from Sysinternals to monitor
>> various aspects of a Windows system that happens to also be running
>> the ossec agent. To my surprise, according to Process Explorer,
>> ossec-agent.exe is BY FAR the heaviest I/O Reader of any process on the
>> system, far more than the next heaviest read I/O process. This really
>> surprises me--has anyone else seen this behavior? I fully expected
>> the ossec-agent to be lightweight, so perhaps I've misconfigured
>> something on my end?
>
> Is it a heavy weight or just heavier than other things? It does quite
> a bit of reading: logs, every file configured to be checked for
> syscheck, rootcheck, etc.
> Without more information than "it's more than something else," I'm not
> sure there's a lot we can do to help.