Gerard - You did not specify if the CPU hit is on the server or agent side.
Anyway, a *hack* you can try is deleting the relevant .cpt file located at /var/ossec/queue/syscheck/AGENT_NAME and restarting ossec server. This file signals the server that this agent is ready to process and generate syscheck alerts. OSSEC will generate this file again after completing 2-3 scans. Not so cool but might be better than your exiting experience. -Roy On Friday, May 16, 2014 11:21:33 PM UTC-7, Gerard Petersen wrote: > > Hi All, > > As the subject states, and behaving as expected, Ossec hits my CPU's when > updating the watched directories. It are Wordpress installs to be precise. > I update plugins, etc. from the backend (via a terminal). > > Now the question is this. What would be a good way to avoid this? ... > Since I know it's me changing the files, the performance hit and the > flooded mailbox is unnecessary. > > Ideas: > > - Temporarily stop ossec, update all, start ossec and reinit a syscheck? > - Stop watch 'real time'? > > Any suggestions or thoughts on this are welcome. > > Thanx a lot! > > Kind regards, > > Gerard. > > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
