I updated to OSSEC 2.7 and it resolved the issue.
On Sunday, January 6, 2013 7:06:47 AM UTC-8, BP9906 wrote: > > Hello, > I'm running ossec server 2.6 and at log roll over my alerts.log is ~12GB. > Ossec-monitord seems to consume a whole bunch of memory and IO to the point > the system is unresponsive and the console shows swap completely used. > System has 8GB memory and swap. Any idea what would cause this? Would 2.7 > fix this? > > After rebooting the system, I had available memory and disk space and the > system continued as normal, except that > /var/ossec/logs/alerts/2013/Jan/ossec-alerts-05.log was uncompressed. > > Thank you! > > Log entry: Jan 6 00:18:42 <servername> kernel: Out of memory: Killed > process 27993, UID 502, (ossec-monitord). > > >
