Solved! To come back to that problem... It turned out, that one of the lists i use to store filehashes was buggy. There were multiple colons ":" and some backslashes in one line. After cleaning each line having only one colon to separate key value and replacing blackslash by slash, the problem was gone.
Am Donnerstag, 24. September 2015 16:45:11 UTC+2 schrieb Thomas Unger: > > Hello, > > i run ossec 2.8.1 compiled from source on a centos (el6 x64) 8GB Box quite > stable for over 2 years (incl prev. ossec versions). > Last week suddenly there was no processing of alerst. It turned out that > ossec-analysisd was killed due to out of memory. > Today it happended again and so i thought i write this message here. > > There were no system changes. The only thing is that i add new custom > rules from time to time. Could this be a problem? > > Any ideas? The os is up todate. reboot after first crash was done. > > > This is an excerpt from var/log/messages > > Sep 18 21:08:47 mybox-time kernel: ossec-analysisd invoked oom-killer: > gfp_mask=0x280da, order=0, oom_adj=0, oom_score_adj=0 > Sep 18 21:08:47 mybox-time kernel: ossec-analysisd cpuset=/ mems_allowed=0 > Sep 18 21:08:47 mybox-time kernel: Pid: 4709, comm: ossec-analysisd Not > tainted 2.6.32-573.3.1.el6.x86_64 #1 > Sep 18 21:08:47 mybox-time kernel: Call Trace: > Sep 18 21:08:47 mybox-time kernel: [<ffffffff810d6dd1>] ? > cpuset_print_task_mems_allowed+0x91/0xb0 > Sep 18 21:08:47 mybox-time kernel: [<ffffffff8112a5d0>] ? > dump_header+0x90/0x1b0 > Sep 18 21:08:47 mybox-time kernel: [<ffffffff81232cbc>] ? > security_real_capable_noaudit+0x3c/0x70 > Sep 18 21:08:47 mybox-time kernel: [<ffffffff8112aa52>] ? > oom_kill_process+0x82/0x2a0 > Sep 18 21:08:47 mybox-time kernel: [<ffffffff8112a991>] ? > select_bad_process+0xe1/0x120 > Sep 18 21:08:47 mybox-time kernel: [<ffffffff8112ae90>] ? > out_of_memory+0x220/0x3c0 > Sep 18 21:08:47 mybox-time kernel: [<ffffffff8113786c>] ? > __alloc_pages_nodemask+0x93c/0x950 > Sep 18 21:08:47 mybox-time kernel: [<ffffffff8117035a>] ? > alloc_pages_vma+0x9a/0x150 > Sep 18 21:08:47 mybox-time kernel: [<ffffffff81152b1d>] ? > handle_pte_fault+0x73d/0xb20 > Sep 18 21:08:47 mybox-time kernel: [<ffffffff8123acf4>] ? > inode_has_perm+0x54/0xa0 > Sep 18 21:08:47 mybox-time kernel: [<ffffffff811b45c0>] ? > mntput_no_expire+0x30/0x110 > Sep 18 21:08:47 mybox-time kernel: [<ffffffff81153199>] ? > handle_mm_fault+0x299/0x3d0 > Sep 18 21:08:47 mybox-time kernel: [<ffffffff8104f156>] ? > __do_page_fault+0x146/0x500 > Sep 18 21:08:47 mybox-time kernel: [<ffffffff81290405>] ? > _atomic_dec_and_lock+0x55/0x80 > Sep 18 21:08:47 mybox-time kernel: [<ffffffff81197514>] ? > cp_new_stat+0xe4/0x100 > Sep 18 21:08:47 mybox-time kernel: [<ffffffff8153e95e>] ? > do_page_fault+0x3e/0xa0 > Sep 18 21:08:47 mybox-time kernel: [<ffffffff8153bd05>] ? > page_fault+0x25/0x30 > Sep 18 21:08:47 mybox-time kernel: Mem-Info: > Sep 18 21:08:47 mybox-time kernel: Node 0 DMA per-cpu: > Sep 18 21:08:47 mybox-time kernel: CPU 0: hi: 0, btch: 1 usd: 0 > Sep 18 21:08:47 mybox-time kernel: CPU 1: hi: 0, btch: 1 usd: 0 > Sep 18 21:08:47 mybox-time kernel: CPU 2: hi: 0, btch: 1 usd: 0 > Sep 18 21:08:47 mybox-time kernel: CPU 3: hi: 0, btch: 1 usd: 0 > Sep 18 21:08:47 mybox-time kernel: Node 0 DMA32 per-cpu: > Sep 18 21:08:47 mybox-time kernel: CPU 0: hi: 186, btch: 31 usd: 37 > Sep 18 21:08:47 mybox-time kernel: CPU 1: hi: 186, btch: 31 usd: 20 > Sep 18 21:08:47 mybox-time kernel: CPU 2: hi: 186, btch: 31 usd: 43 > Sep 18 21:08:47 mybox-time kernel: CPU 3: hi: 186, btch: 31 usd: 30 > Sep 18 21:08:47 mybox-time kernel: Node 0 Normal per-cpu: > Sep 18 21:08:47 mybox-time kernel: CPU 0: hi: 186, btch: 31 usd: 40 > Sep 18 21:08:47 mybox-time kernel: CPU 1: hi: 186, btch: 31 usd: 155 > Sep 18 21:08:47 mybox-time kernel: CPU 2: hi: 186, btch: 31 usd: 125 > Sep 18 21:08:47 mybox-time kernel: CPU 3: hi: 186, btch: 31 usd: 48 > Sep 18 21:08:47 mybox-time kernel: active_anon:1614908 > inactive_anon:328929 isolated_anon:0 > Sep 18 21:08:47 mybox-time kernel: active_file:48 inactive_file:1234 > isolated_file:0 > Sep 18 21:08:47 mybox-time kernel: unevictable:0 dirty:12 writeback:0 > unstable:0 > Sep 18 21:08:47 mybox-time kernel: free:25770 slab_reclaimable:2230 > slab_unreclaimable:15166 > Sep 18 21:08:47 mybox-time kernel: mapped:226 shmem:19 pagetables:8230 > bounce:0 > Sep 18 21:08:47 mybox-time kernel: Node 0 DMA free:15660kB min:124kB > low:152kB high:184kB active_anon:0kB inactive_anon:0kB active_file:0kB > inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB > present:15268kB mlocked:0kB dirty:0kB writeback:0kB mapped:0kB shmem:0kB > slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB > unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:0 > all_unreclaimable? yes > Sep 18 21:08:47 mybox-time kernel: lowmem_reserve[]: 0 3000 8050 8050 > Sep 18 21:08:47 mybox-time kernel: Node 0 DMA32 free:45112kB min:25140kB > low:31424kB high:37708kB active_anon:2181396kB inactive_anon:572004kB > active_file:16kB inactive_file:388kB unevictable:0kB isolated(anon):0kB > isolated(file):0kB present:3072160kB mlocked:0kB dirty:8kB writeback:0kB > mapped:16kB shmem:0kB slab_reclaimable:436kB slab_unreclaimable:200kB > kernel_stack:0kB pagetables:2532kB unstable:0kB bounce:0kB > writeback_tmp:0kB pages_scanned:43 all_unreclaimable? yes > Sep 18 21:08:47 mybox-time kernel: lowmem_reserve[]: 0 0 5050 5050 > Sep 18 21:08:47 mybox-time kernel: Node 0 Normal free:42308kB min:42316kB > low:52892kB high:63472kB active_anon:4278236kB inactive_anon:743712kB > active_file:176kB inactive_file:4548kB unevictable:0kB isolated(anon):0kB > isolated(file):0kB present:5171200kB mlocked:0kB dirty:40kB writeback:0kB > mapped:888kB shmem:76kB slab_reclaimable:8484kB slab_unreclaimable:60464kB > kernel_stack:2336kB pagetables:30388kB unstable:0kB bounce:0kB > writeback_tmp:0kB pages_scanned:32 all_unreclaimable? yes > Sep 18 21:08:47 mybox-time kernel: lowmem_reserve[]: 0 0 0 0 > Sep 18 21:08:47 mybox-time kernel: Node 0 DMA: 1*4kB 1*8kB 0*16kB 1*32kB > 2*64kB 1*128kB 0*256kB 0*512kB 1*1024kB 1*2048kB 3*4096kB = 15660kB > Sep 18 21:08:47 mybox-time kernel: Node 0 DMA32: 118*4kB 166*8kB 139*16kB > 68*32kB 36*64kB 36*128kB 27*256kB 19*512kB 13*1024kB 1*2048kB 0*4096kB = > 45112kB > Sep 18 21:08:47 mybox-time kernel: Node 0 Normal: 367*4kB 283*8kB 213*16kB > 141*32kB 105*64kB 79*128kB 40*256kB 7*512kB 0*1024kB 0*2048kB 0*4096kB = > 42308kB > Sep 18 21:08:47 mybox-time kernel: 9429 total pagecache pages > Sep 18 21:08:47 mybox-time kernel: 8126 pages in swap cache > Sep 18 21:08:47 mybox-time kernel: Swap cache stats: add 3505138, delete > 3497012, find 18417/19493 > Sep 18 21:08:47 mybox-time kernel: Free swap = 0kB > Sep 18 21:08:47 mybox-time kernel: Total swap = 8208380kB > Sep 18 21:08:47 mybox-time kernel: 2097136 pages RAM > Sep 18 21:08:47 mybox-time kernel: 81896 pages reserved > Sep 18 21:08:47 mybox-time kernel: 689 pages shared > Sep 18 21:08:47 mybox-time kernel: 1984853 pages non-shared > Sep 18 21:08:47 mybox-time kernel: [ pid ] uid tgid total_vm rss > cpu oom_adj oom_score_adj name > Sep 18 21:08:47 mybox-time kernel: [ 573] 0 573 2893 0 > 0 -17 -1000 udevd > Sep 18 21:08:47 mybox-time kernel: [ 1650] 0 1650 23283 38 > 2 -17 -1000 auditd > Sep 18 21:08:47 mybox-time kernel: [ 1652] 0 1652 20509 34 > 2 0 0 audispd > Sep 18 21:08:47 mybox-time kernel: [ 1655] 0 1655 5314 18 > 1 0 0 sedispatch > Sep 18 21:08:47 mybox-time kernel: [ 1674] 0 1674 102749 260 > 1 0 0 rsyslogd > Sep 18 21:08:47 mybox-time kernel: [ 1692] 0 1692 6655 0 > 0 0 0 syslog-ng > Sep 18 21:08:47 mybox-time kernel: [ 1693] 0 1693 13913 175 > 2 0 0 syslog-ng > Sep 18 21:08:47 mybox-time kernel: [ 1720] 81 1720 7919 1 > 1 0 0 dbus-daemon > Sep 18 21:08:47 mybox-time kernel: [ 1772] 0 1772 16556 26 > 1 -17 -1000 sshd > Sep 18 21:08:47 mybox-time kernel: [ 1851] 0 1851 20356 58 > 2 0 0 master > Sep 18 21:08:47 mybox-time kernel: [ 1863] 0 1863 29215 81 > 2 0 0 crond > Sep 18 21:08:47 mybox-time kernel: [ 1878] 89 1878 20419 22 > 1 0 0 qmgr > Sep 18 21:08:47 mybox-time kernel: [ 1944] 0 1944 1016 1 > 3 0 0 mingetty > Sep 18 21:08:47 mybox-time kernel: [ 1946] 0 1946 1016 1 > 2 0 0 mingetty > Sep 18 21:08:47 mybox-time kernel: [ 1948] 0 1948 1016 1 > 2 0 0 mingetty > Sep 18 21:08:47 mybox-time kernel: [ 1950] 0 1950 1016 1 > 2 0 0 mingetty > Sep 18 21:08:47 mybox-time kernel: [ 1952] 0 1952 1016 1 > 2 0 0 mingetty > Sep 18 21:08:47 mybox-time kernel: [ 1954] 0 1954 1016 1 > 1 0 0 mingetty > Sep 18 21:08:47 mybox-time kernel: [ 1961] 0 1961 3082 0 > 2 -17 -1000 udevd > Sep 18 21:08:47 mybox-time kernel: [ 1962] 0 1962 3082 0 > 0 -17 -1000 udevd > Sep 18 21:08:47 mybox-time kernel: [ 4699] 496 4699 2217 90 > 2 0 0 ossec-csyslogd > Sep 18 21:08:47 mybox-time kernel: [ 4705] 0 4705 3295 36 > 2 0 0 ossec-execd > Sep 18 21:08:47 mybox-time kernel: [ 4709] 498 4709 3986524 1934514 > 0 0 0 ossec-analysisd > Sep 18 21:08:47 mybox-time kernel: [ 4713] 0 4713 1049 50 > 2 0 0 ossec-logcollec > Sep 18 21:08:47 mybox-time kernel: [ 4718] 497 4718 40059 169 > 3 0 0 ossec-remoted > Sep 18 21:08:47 mybox-time kernel: [ 4724] 0 4724 1234 211 > 2 0 0 ossec-syscheckd > Sep 18 21:08:47 mybox-time kernel: [ 4728] 498 4728 1604 97 > 2 0 0 ossec-monitord > Sep 18 21:08:47 mybox-time kernel: [12935] 89 12935 20376 253 > 0 0 0 pickup > Sep 18 21:08:47 mybox-time kernel: Out of memory: Kill process 4709 > (ossec-analysisd) score 981 or sacrifice child > Sep 18 21:08:47 mybox-time kernel: Killed process 4709, UID 498, > (ossec-analysisd) total-vm:15946096kB, anon-rss:7737676kB, file-rss:380kB > > ... > Sep 24 14:19:39 mybox-time kernel: ossec-analysisd invoked oom-killer: > gfp_mask=0x201da, order=0, oom_adj=0, oom_score_adj=0 > Sep 24 14:19:39 mybox-time kernel: ossec-analysisd cpuset=/ mems_allowed=0 > Sep 24 14:19:39 mybox-time kernel: Pid: 19378, comm: ossec-analysisd Not > tainted 2.6.32-573.3.1.el6.x86_64 #1 > Sep 24 14:19:39 mybox-time kernel: Call Trace: > Sep 24 14:19:39 mybox-time kernel: [<ffffffff810d6dd1>] ? > cpuset_print_task_mems_allowed+0x91/0xb0 > Sep 24 14:19:39 mybox-time kernel: [<ffffffff8112a5d0>] ? > dump_header+0x90/0x1b0 > Sep 24 14:19:39 mybox-time kernel: [<ffffffff81232cbc>] ? > security_real_capable_noaudit+0x3c/0x70 > Sep 24 14:19:39 mybox-time kernel: [<ffffffff8112aa52>] ? > oom_kill_process+0x82/0x2a0 > Sep 24 14:19:39 mybox-time kernel: [<ffffffff8112a991>] ? > select_bad_process+0xe1/0x120 > Sep 24 14:19:39 mybox-time kernel: [<ffffffff8112ae90>] ? > out_of_memory+0x220/0x3c0 > Sep 24 14:19:39 mybox-time kernel: [<ffffffff8113786c>] ? > __alloc_pages_nodemask+0x93c/0x950 > Sep 24 14:19:39 mybox-time kernel: [<ffffffff8117025a>] ? > alloc_pages_current+0xaa/0x110 > Sep 24 14:19:39 mybox-time kernel: [<ffffffff8117025a>] ? > alloc_pages_current+0xaa/0x110 > Sep 24 14:19:39 mybox-time kernel: [<ffffffff811279c7>] ? > __page_cache_alloc+0x87/0x90 > Sep 24 14:19:39 mybox-time kernel: [<ffffffff811273ae>] ? > find_get_page+0x1e/0xa0 > Sep 24 14:19:39 mybox-time kernel: [<ffffffff81129305>] ? > generic_file_aio_read+0x585/0x700 > Sep 24 14:19:39 mybox-time kernel: [<ffffffff8119191a>] ? > do_sync_read+0xfa/0x140 > Sep 24 14:19:39 mybox-time kernel: [<ffffffff810a14b0>] ? > autoremove_wake_function+0x0/0x40 > Sep 24 14:19:39 mybox-time kernel: [<ffffffff81197514>] ? > cp_new_stat+0xe4/0x100 > Sep 24 14:19:39 mybox-time kernel: [<ffffffff8123e96b>] ? > selinux_file_permission+0xfb/0x150 > Sep 24 14:19:39 mybox-time kernel: [<ffffffff812316d6>] ? > security_file_permission+0x16/0x20 > Sep 24 14:19:39 mybox-time kernel: [<ffffffff81192215>] ? > vfs_read+0xb5/0x1a0 > Sep 24 14:19:39 mybox-time kernel: [<ffffffff81192fc6>] ? > fget_light_pos+0x16/0x50 > Sep 24 14:19:39 mybox-time kernel: [<ffffffff81192561>] ? > sys_read+0x51/0xb0 > Sep 24 14:19:39 mybox-time kernel: [<ffffffff810e88ae>] ? > __audit_syscall_exit+0x25e/0x290 > Sep 24 14:19:39 mybox-time kernel: [<ffffffff8100b0d2>] ? > system_call_fastpath+0x16/0x1b > Sep 24 14:19:39 mybox-time kernel: Mem-Info: > Sep 24 14:19:39 mybox-time kernel: Node 0 DMA per-cpu: > Sep 24 14:19:39 mybox-time kernel: CPU 0: hi: 0, btch: 1 usd: 0 > Sep 24 14:19:39 mybox-time kernel: CPU 1: hi: 0, btch: 1 usd: 0 > Sep 24 14:19:39 mybox-time kernel: CPU 2: hi: 0, btch: 1 usd: 0 > Sep 24 14:19:39 mybox-time kernel: CPU 3: hi: 0, btch: 1 usd: 0 > Sep 24 14:19:39 mybox-time kernel: Node 0 DMA32 per-cpu: > Sep 24 14:19:39 mybox-time kernel: CPU 0: hi: 186, btch: 31 usd: 59 > Sep 24 14:19:39 mybox-time kernel: CPU 1: hi: 186, btch: 31 usd: 7 > Sep 24 14:19:39 mybox-time kernel: CPU 2: hi: 186, btch: 31 usd: 112 > Sep 24 14:19:39 mybox-time kernel: CPU 3: hi: 186, btch: 31 usd: 0 > Sep 24 14:19:39 mybox-time kernel: Node 0 Normal per-cpu: > Sep 24 14:19:39 mybox-time kernel: CPU 0: hi: 186, btch: 31 usd: 30 > Sep 24 14:19:39 mybox-time kernel: CPU 1: hi: 186, btch: 31 usd: 104 > Sep 24 14:19:39 mybox-time kernel: CPU 2: hi: 186, btch: 31 usd: 52 > Sep 24 14:19:39 mybox-time kernel: CPU 3: hi: 186, btch: 31 usd: 33 > Sep 24 14:19:39 mybox-time kernel: active_anon:1614611 > inactive_anon:327296 isolated_anon:0 > Sep 24 14:19:39 mybox-time kernel: active_file:1742 inactive_file:1555 > isolated_file:0 > Sep 24 14:19:39 mybox-time kernel: unevictable:0 dirty:8 writeback:0 > unstable:0 > Sep 24 14:19:39 mybox-time kernel: free:25780 slab_reclaimable:2114 > slab_unreclaimable:15148 > Sep 24 14:19:39 mybox-time kernel: mapped:224 shmem:40 pagetables:8253 > bounce:0 > Sep 24 14:19:39 mybox-time kernel: Node 0 DMA free:15660kB min:124kB > low:152kB high:184kB active_anon:0kB inactive_anon:0kB active_file:0kB > inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB > present:15268kB mlocked:0kB dirty:0kB writeback:0kB mapped:0kB shmem:0kB > slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB > unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:0 > all_unreclaimable? yes > Sep 24 14:19:39 mybox-time kernel: lowmem_reserve[]: 0 3000 8050 8050 > Sep 24 14:19:39 mybox-time kernel: Node 0 DMA32 free:45256kB min:25140kB > low:31424kB high:37708kB active_anon:2170076kB inactive_anon:578776kB > active_file:4kB inactive_file:900kB unevictable:0kB isolated(anon):0kB > isolated(file):0kB present:3072160kB mlocked:0kB dirty:4kB writeback:0kB > mapped:0kB shmem:0kB slab_reclaimable:132kB slab_unreclaimable:696kB > kernel_stack:16kB pagetables:5832kB unstable:0kB bounce:0kB > writeback_tmp:0kB pages_scanned:181 all_unreclaimable? yes > Sep 24 14:19:39 mybox-time kernel: lowmem_reserve[]: 0 0 5050 5050 > Sep 24 14:19:39 mybox-time kernel: Node 0 Normal free:42204kB min:42316kB > low:52892kB high:63472kB active_anon:4288368kB inactive_anon:730408kB > active_file:6964kB inactive_file:5320kB unevictable:0kB isolated(anon):0kB > isolated(file):0kB present:5171200kB mlocked:0kB dirty:28kB writeback:0kB > mapped:896kB shmem:160kB slab_reclaimable:8324kB slab_unreclaimable:59896kB > kernel_stack:2336kB pagetables:27180kB unstable:0kB bounce:0kB > writeback_tmp:0kB pages_scanned:107 all_unreclaimable? yes > Sep 24 14:19:39 mybox-time kernel: lowmem_reserve[]: 0 0 0 0 > Sep 24 14:19:39 mybox-time kernel: Node 0 DMA: 1*4kB 1*8kB 0*16kB 1*32kB > 2*64kB 1*128kB 0*256kB 0*512kB 1*1024kB 1*2048kB 3*4096kB = 15660kB > Sep 24 14:19:39 mybox-time kernel: Node 0 DMA32: 272*4kB 279*8kB 107*16kB > 41*32kB 28*64kB 26*128kB 16*256kB 16*512kB 13*1024kB 4*2048kB 0*4096kB = > 45256kB > Sep 24 14:19:39 mybox-time kernel: Node 0 Normal: 593*4kB 421*8kB 245*16kB > 143*32kB 83*64kB 53*128kB 22*256kB 18*512kB 1*1024kB 0*2048kB 0*4096kB = > 42204kB > Sep 24 14:19:39 mybox-time kernel: 8236 total pagecache pages > Sep 24 14:19:39 mybox-time kernel: 4829 pages in swap cache > Sep 24 14:19:39 mybox-time kernel: Swap cache stats: add 2055035, delete > 2050206, find 4693/5055 > Sep 24 14:19:39 mybox-time kernel: Free swap = 0kB > Sep 24 14:19:39 mybox-time kernel: Total swap = 8208380kB > Sep 24 14:19:39 mybox-time kernel: 2097136 pages RAM > Sep 24 14:19:39 mybox-time kernel: 81896 pages reserved > Sep 24 14:19:39 mybox-time kernel: 613 pages shared > Sep 24 14:19:39 mybox-time kernel: 1984991 pages non-shared > Sep 24 14:19:39 mybox-time kernel: [ pid ] uid tgid total_vm rss > cpu oom_adj oom_score_adj name > Sep 24 14:19:39 mybox-time kernel: [ 578] 0 578 2882 0 > 0 -17 -1000 udevd > Sep 24 14:19:39 mybox-time kernel: [ 1662] 0 1662 23283 42 > 2 -17 -1000 auditd > Sep 24 14:19:39 mybox-time kernel: [ 1664] 0 1664 20509 34 > 2 0 0 audispd > Sep 24 14:19:39 mybox-time kernel: [ 1666] 0 1666 5314 18 > 3 0 0 sedispatch > Sep 24 14:19:39 mybox-time kernel: [ 1686] 0 1686 102749 208 > 3 0 0 rsyslogd > Sep 24 14:19:39 mybox-time kernel: [ 1704] 0 1704 6655 2 > 0 0 0 syslog-ng > Sep 24 14:19:39 mybox-time kernel: [ 1705] 0 1705 13781 174 > 2 0 0 syslog-ng > Sep 24 14:19:39 mybox-time kernel: [ 1732] 81 1732 7919 1 > 2 0 0 dbus-daemon > Sep 24 14:19:39 mybox-time kernel: [ 1783] 0 1783 16556 25 > 2 -17 -1000 sshd > Sep 24 14:19:39 mybox-time kernel: [ 1863] 0 1863 20356 57 > 3 0 0 master > Sep 24 14:19:39 mybox-time kernel: [ 1876] 89 1876 20419 22 > 2 0 0 qmgr > Sep 24 14:19:39 mybox-time kernel: [ 1877] 0 1877 29215 81 > 2 0 0 crond > Sep 24 14:19:39 mybox-time kernel: [ 1977] 0 1977 1016 1 > 3 0 0 mingetty > Sep 24 14:19:39 mybox-time kernel: [ 1979] 0 1979 1016 1 > 3 0 0 mingetty > Sep 24 14:19:39 mybox-time kernel: [ 1981] 0 1981 1016 1 > 3 0 0 mingetty > Sep 24 14:19:39 mybox-time kernel: [ 1983] 0 1983 1016 1 > 3 0 0 mingetty > Sep 24 14:19:39 mybox-time kernel: [ 1985] 0 1985 1016 1 > 3 0 0 mingetty > Sep 24 14:19:39 mybox-time kernel: [ 1987] 0 1987 1016 1 > 3 0 0 mingetty > Sep 24 14:19:39 mybox-time kernel: [ 1995] 0 1995 3095 0 > 2 -17 -1000 udevd > Sep 24 14:19:39 mybox-time kernel: [ 8882] 0 8882 2836 0 > 3 -17 -1000 udevd > Sep 24 14:19:39 mybox-time kernel: [19368] 496 19368 2238 87 > 2 0 0 ossec-csyslogd > Sep 24 14:19:39 mybox-time kernel: [19374] 0 19374 1560 18 > 2 0 0 ossec-execd > Sep 24 14:19:39 mybox-time kernel: [19378] 498 19378 3987376 1935926 > 0 0 0 ossec-analysisd > Sep 24 14:19:39 mybox-time kernel: [19382] 0 19382 1072 54 > 2 0 0 ossec-logcollec > Sep 24 14:19:39 mybox-time kernel: [19387] 497 19387 40087 163 > 1 0 0 ossec-remoted > Sep 24 14:19:39 mybox-time kernel: [19393] 0 19393 1258 230 > 1 0 0 ossec-syscheckd > Sep 24 14:19:39 mybox-time kernel: [19397] 498 19397 1622 47 > 2 0 0 ossec-monitord > Sep 24 14:19:39 mybox-time kernel: [27592] 89 27592 20376 253 > 2 0 0 pickup > Sep 24 14:19:39 mybox-time kernel: Out of memory: Kill process 19378 > (ossec-analysisd) score 981 or sacrifice child > Sep 24 14:19:39 mybox-time kernel: Killed process 19378, UID 498, > (ossec-analysisd) total-vm:15949504kB, anon-rss:7743288kB, file-rss:416kB > > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
