BP9906: Thank you for sharing. It's good to know 2.7 does not have the same memory issue.
On Tuesday, January 8, 2013 9:11:03 AM UTC-8, BP9906 wrote: > > I updated to OSSEC 2.7 and it resolved the issue. > > On Sunday, January 6, 2013 7:06:47 AM UTC-8, BP9906 wrote: >> >> Hello, >> I'm running ossec server 2.6 and at log roll over my alerts.log is ~12GB. >> Ossec-monitord seems to consume a whole bunch of memory and IO to the point >> the system is unresponsive and the console shows swap completely used. >> System has 8GB memory and swap. Any idea what would cause this? Would 2.7 >> fix this? >> >> After rebooting the system, I had available memory and disk space and the >> system continued as normal, except that >> /var/ossec/logs/alerts/2013/Jan/ossec-alerts-05.log was uncompressed. >> >> Thank you! >> >> Log entry: Jan 6 00:18:42 <servername> kernel: Out of memory: Killed >> process 27993, UID 502, (ossec-monitord). >> >> >>
