Hello, I'm running OSSEC server 2.6, and at log rollover my alerts.log is ~12GB. Ossec-monitord seems to consume a whole bunch of memory and IO, to the point that the system is unresponsive and the console shows swap completely used. The system has 8GB of memory and swap. Any idea what would cause this? Would 2.7 fix this?
After rebooting the system, I had available memory and disk space and the system continued as normal, except that /var/ossec/logs/alerts/2013/Jan/ossec-alerts-05.log was uncompressed.

Thank you!

Log entry:
Jan 6 00:18:42 <servername> kernel: Out of memory: Killed process 27993, UID 502, (ossec-monitord).
