On Fri, May 16, 2014 at 3:19 PM, Ashok <[email protected]> wrote: > Is it possible to send alert when a process uses more cpu like 80% or above. > > or Can I monitor a particular process and report if its cpu usage increases > more than 80% > > How can I do it? > > I tried it like > > <localfile> > <log_format>command</log_format> > <command>df -h</command> > </localfile> > > <rule id=”100101″ level=”7″> > <if_sid>530</if_sid> > <match>ossec: output: ‘top</match> > <regex>100</regex> > <description>Process reached 100% CPU usage</description> > </rule> > > it doesn't work >
It'd probably be a lot easier to write a script to check for that condition and log about it. Then a simple rule can watch for that log and take care of it. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
