On Sat, May 17, 2014 at 2:16 AM, Ashok <[email protected]> wrote:
> I am alerting when a specific process called "stress" uses the most CPU
>
> ps -e -o pcpu,pmem,args --sort=pcpu|tail -n 1 |grep stress
>
> The above command returns nothing when stress is not in top, otherwise it returns
> something like 93.4 0.0 stress -c 1 -t 60s
>
> I made these changes
>
> ossec.conf
>
>
> <localfile>
> <log_format>full_command</log_format>
> <command>ps -e -o pcpu,pmem,args --sort=pcpu|tail -n 1|grep stress</command>

Use an alias, it makes things so much easier.

> </localfile>
>
> local_rules.xml
>
> <rule id="100003" level="8">
> <if_sid>530</if_sid>
> <options>alert_by_email</options>
> <match>ossec: output: 'ps -e</match>
> <check_diff />
> <description>Stress program have Highest CPU usage</description>
> </rule>
>
> It is similar to the netstat -tan example given in the doc. It is supposed to
> work. When I run "stress", it's not reporting, but I am able to list it with ps
> -e -o pcpu,pmem,args --sort=pcpu|tail -n 1|grep stress.
>
> Please help, I am using "local" setup

Turn on the log all option, having the log message could help.

> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
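
The two suggestions in the reply (an alias for the command, and the log all option) sketched as configuration. This is an added example, not part of the original thread; the alias name `stress-cpu` is an assumption chosen for illustration, while the command, rule id, level and parent rule 530 are copied from the quoted message.

```xml
<!-- ossec.conf -->
<ossec_config>
  <global>
    <!-- Write every received event to logs/archives/archives.log so the
         raw "ossec: output:" message for the command can be inspected. -->
    <logall>yes</logall>
  </global>

  <localfile>
    <log_format>full_command</log_format>
    <command>ps -e -o pcpu,pmem,args --sort=pcpu|tail -n 1|grep stress</command>
    <!-- Assumed alias name. It replaces the command text in the event
         header, which then reads: ossec: output: 'stress-cpu': ... -->
    <alias>stress-cpu</alias>
  </localfile>
</ossec_config>

<!-- local_rules.xml -->
<group name="local,">
  <rule id="100003" level="8">
    <if_sid>530</if_sid>
    <options>alert_by_email</options>
    <!-- Match on the short alias instead of the start of the ps pipeline. -->
    <match>ossec: output: 'stress-cpu'</match>
    <check_diff />
    <description>Stress program have Highest CPU usage</description>
  </rule>
</group>
```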
