how many agents was the host monitoring? I'm monitoring about 20 agents running OSSEC on a virtualized machine with Centos5.5 with only 1 cpu and 1 GB ram and it's hardly breaking 1.0 in cpu utilization. ----- Original Message ----- From: Doug Burks To: [email protected] Sent: Thursday, April 21, 2011 10:17 AM Subject: Re: RE: [ossec-list] All UNIX/LINUX agents disconnecting and failing to reconnect
I had two servers that were exhibiting this behavior (ossec-analysisd using 99% CPU resulting in agents disconnecting). They were both running CentOS 5.5 and I had verified that rebooting the server didn't help. As soon as CentOS 5.6 became available, I upgraded and rebooted, and have not seen this issue since. This could have been a bad interaction with the kernel or some other part of the OS that has been fixed now. For anybody else who has experienced this, were you running CentOS/RHEL 5.5? Can you try updating to 5.6 and see if that helps? Thanks, Doug
