Hi,
Are you using active response? Those files are related to OSSEC
active-response; if you are not using it, you can disable it by editing
the ossec.conf file:
<active-response>
<disabled>yes</disabled>
</active-response>
Best regards,
Pedro S.
On Friday, February 5, 2016 at 9:17:48 AM UTC+1, Giorgio Biondi wrote:
>
> Hi all,
>
> Does nobody else have this behavior?
>
> Have a good weekend
>
> On Friday, January 22, 2016 at 11:57:46 AM UTC+1, Giorgio Biondi
> wrote:
>>
>> Hi,
>>
>> I have some Linux boxes with ossec installed, and they work fine.
>> One of these always has some (or many more) processes in status 'Z' (zombie).
>>
>> See this:
>>
>> USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
>> root 25003 0.2 0.1 108212 1952 pts/0 S+ 11:53 0:00 watch ps aux | grep Z
>> root 25416 0.0 0.0 0 0 ? Z 11:55 0:00 [host-deny.sh] <defunct>
>> root 25417 0.0 0.0 0 0 ? Z 11:55 0:00 [firewall-drop.s] <defunct>
>> root 25418 0.0 0.0 0 0 ? Z 11:55 0:00 [host-deny.sh] <defunct>
>> root 25419 0.0 0.0 0 0 ? Z 11:55 0:00 [firewall-drop.s] <defunct>
>> root 25482 0.0 0.0 106060 1248 pts/0 S+ 11:55 0:00 sh -c ps aux | grep Z
>> root 25484 0.0 0.0 103256 860 pts/0 S+ 11:55 0:00 grep Z
>>
>>
>> These processes are related to the ossec system. Apart from this, the
>> ossec system works fine, or seems fine.
>>
>> If I stop the ossec service I get a very high load, but this is a 'known
>> behaviour'.
>>
>> All the best.
>>
>> Giorgio Biondi.
>>
>
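
To confirm which daemon is leaving the defunct active-response scripts unreaped, group the zombies by parent PID. This is an added example, not part of the thread: the sample listing is constructed, and the parent PID 2201 and its name ossec-execd (the OSSEC daemon that runs active-response scripts) are assumptions.

```shell
#!/bin/sh
# Added example: summarise zombie (STAT "Z") processes per parent process.
# Live use:  ps -eo pid,ppid,stat,comm | zombies_by_parent

# Reads "PID PPID STAT COMMAND" rows on stdin and prints one line per parent:
#   <ppid> <parent-command> <zombie-count> <distinct zombie command names>
# Assumes command names contain no spaces (true for the scripts shown above).
zombies_by_parent() {
    awk '
        NR == 1 && $1 == "PID" { next }      # skip the ps header row
        { comm[$1] = $4 }                    # remember each command name by PID
        $3 ~ /^Z/ {                          # STAT starting with Z means defunct
            count[$2]++
            if (!(($2, $4) in seen)) {       # list each child name once per parent
                seen[$2, $4] = 1
                kids[$2] = (kids[$2] == "" ? $4 : kids[$2] "," $4)
            }
        }
        END {
            for (p in count)
                printf "%s %s %d %s\n", p, (p in comm ? comm[p] : "?"), count[p], kids[p]
        }
    ' | sort -n
}

# Constructed sample: zombie PIDs and names as in the post, parent rows invented.
SAMPLE='PID PPID STAT COMMAND
1 0 Ss init
2201 1 S ossec-execd
25416 2201 Z host-deny.sh <defunct>
25417 2201 Z firewall-drop.s <defunct>
25418 2201 Z host-deny.sh <defunct>
25419 2201 Z firewall-drop.s <defunct>
25484 25003 S+ grep'

printf '%s\n' "$SAMPLE" | zombies_by_parent
```

A parent that keeps accumulating zombies is not calling wait() on its children; the zombies disappear when that parent reaps them or exits.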