Please provide some information about how you have these systems configured (especially syscheck settings), and what they do.

On Wed, May 11, 2011 at 1:05 PM, Jefferson, Shawn <[email protected]> wrote:
> Hi,
>
> I have OSSEC installed on Ubuntu 10.04.2 LTS 64-bit, and the syscheckd
> process is taking a lot of CPU time, and has for the past couple of days. I
> haven’t seen this behaviour on other installations, but on three of these
> systems that are configured similarly. Any suggestions on where to look?
> Rootkitcheck?
>
> You can see this one has been running syscheck for days…
>
> 2011/05/05 20:05:21 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
> 2011/05/05 20:05:21 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).
> 2011/05/06 22:21:01 ossec-agentd: INFO: Event count after '20000': 4664877->3811296 (81%)
> 2011/05/08 06:35:39 ossec-agentd: INFO: Event count after '20000': 4195430->3534200 (84%)
> 2011/05/09 15:46:25 ossec-agentd: INFO: Event count after '20000': 4407799->3661232 (83%)
> 2011/05/11 01:30:02 ossec-agentd: INFO: Event count after '20000': 4909642->3973976 (80%)
>
> Shawn
