I want an alert when a specific process called "stress" uses the most CPU

    ps -e -o pcpu,pmem,args --sort=pcpu|tail -n 1 |grep stress

The above command returns nothing when stress is not on top; otherwise it returns something like

    93.4 0.0 stress -c 1 -t 60s

I made these changes:

ossec.conf

    <localfile>
      <log_format>full_command</log_format>
      <command>ps -e -o pcpu,pmem,args --sort=pcpu|tail -n 1|grep stress</command>
    </localfile>

local_rules.xml

    <rule id="100003" level="8">
      <if_sid>530</if_sid>
      <options>alert_by_email</options>
      <match>ossec: output: 'ps -e</match>
      <check_diff />
      <description>Stress program have Highest CPU usage</description>
    </rule>

It is similar to the netstat -tan example given in the doc. It is supposed to work. When I run "stress", it's not reporting, but I am able to list it with ps -e -o pcpu,pmem,args --sort=pcpu|tail -n 1|grep stress.

Please help. I am using the "local" setup.
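
An added example, not part of the original post: a stricter form of the check pipeline that compares the executable name of the highest-CPU row instead of grepping the whole argument string. The helper name `top_cpu_is` and its output line format are assumptions, and the sample `ps` output is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). top_cpu_is is a hypothetical helper.
# Reads `ps -e -o pcpu,pmem,args --sort=pcpu` output on stdin and prints one
# line only when the executable name of the highest-CPU row equals $1.
top_cpu_is() {
    awk -v want="$1" '
        NR > 1 { pcpu = $1; cmd = $3 }   # skip the header; the last row is the top consumer
        END {
            n = split(cmd, parts, "/")   # compare the basename of argv[0] only
            if (n > 0 && parts[n] == want)
                printf "top_cpu process=%s pcpu=%s\n", want, pcpu
        }'
}

# Constructed sample outputs (not captured from a real host).
SAMPLE_STRESS_ON_TOP='%CPU %MEM COMMAND
 0.0  0.1 /sbin/init
 0.3  0.2 grep stress
93.4  0.0 stress -c 1 -t 60s'

SAMPLE_LOOKALIKE_ON_TOP='%CPU %MEM COMMAND
 0.0  0.1 /sbin/init
41.0  1.3 vim stress-test-notes.txt'

printf '%s\n' "$SAMPLE_STRESS_ON_TOP"    | top_cpu_is stress   # prints the alert line
printf '%s\n' "$SAMPLE_LOOKALIKE_ON_TOP" | top_cpu_is stress   # prints nothing
# Live use: ps -e -o pcpu,pmem,args --sort=pcpu | top_cpu_is stress
```

Matching the executable name avoids a hit on any process whose arguments merely contain the string stress, which the `grep` in the original pipeline would report.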