Hi Caleb, I am interested in replicating the issue to see if I can find what is causing the problem. Here are some questions:
What AMI did you use to launch the AWS instance? How did you install the agent (from rpm, source code)? What version of ossec-hids are you running? Did you modify the default configuration? Thanks! On Fri, Jul 3, 2015 at 7:42 AM, Kat <[email protected]> wrote: > I have seen many issues with CentOS 7 becoming unresponsive. Kernel > issues. Try removing OSSEC, but my guess, it will still hang. Are you > current on all patches? > > -K > > > On Thursday, July 2, 2015 at 6:47:53 PM UTC-7, Caleb P wrote: >> >> If I start OSSEC, my Centos 7 AWS instance becomes unresponsive after a >> short while (under 30 mins usually). httpd and ssh do not respond ever >> until I go into the AWS console to reboot it. >> >> I've looked through various logs, but half the stuff I don't know what it >> is. What logs should I examine for problems, and anything in particular I >> should look for? Has anyone had this happen before? >> >> While running top, the last process to show was ossec-syscheckd when the >> system crashed. It was at 30.2% CPU usage and 0.2% memory. >> PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND >> 1009 root 20 0 5388 1624 672 R 30.2 0.2 0:05.91 >> ossec-syscheckd >> 1290 apache 20 0 561900 15720 4984 S 6.3 1.5 0:00.39 httpd >> 25 root 20 0 0 0 0 R 0.7 0.0 0:00.14 rcuos/0 >> 299 root 0 -20 0 0 0 S 0.3 0.0 0:00.03 >> kworker/0:1H >> 1276 centos 20 0 130024 1816 1276 R 0.3 0.2 0:00.42 top >> 1 root 20 0 56636 6724 3940 S 0.0 0.7 0:02.14 systemd >> >> >> >> Appreciate any suggestions or ideas! Thanks >> Caleb >> >> >> -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
