On Sat, Jul 22, 2017 at 5:59 AM, Marcin Gołębiowski <marcin.golebiowsk...@gmail.com> wrote:
> Good day to you all,
> I have a problem with OSSEC/Slack integration. OSSEC version 2.9.0. For an
> unknown reason, the ossec-slack script fires hundreds of Curl processes when
> sending data from alerts.log to the Slack channel basically draining all the
> memory (one process takes ~180 MB). What could be the reason? The size of
> alerts.log file is usually under 1MB.
> The bash script portion responsible for sending data to Slack channel
> remained unmodified:
>

Are the curl processes not exiting?
I don't use it, so I'm not entirely sure how to go about debugging it.

> ALERTFULL=`grep -A 10 "$ALERTTIME" ${PWD}/../logs/alerts/alerts.log | grep -v ".$ALERTLAST: " -A 10 | grep -v "Src IP: " | grep -v "User: " |grep "Rule: " -A 4 | cut -c -139 | sed 's/\"//g'`
>
>
> PAYLOAD='{"channel": "'"$CHANNEL"'", "username": "'"$SLACKUSER"'", "text": "'"${ALERTFULL}"'"}'
>
>
> ls "`which curl`" > /dev/null 2>&1
> if [ ! $? = 0 ]; then
>     ls "`which wget`" > /dev/null 2>&1
>     if [ $? = 0 ]; then
>         wget --keep-session-cookies --post-data="${PAYLOAD}" ${SITE} 2>>${PWD}/../logs/active-responses.log
>         exit 0;
>     fi
> else
>     curl -X POST --data-urlencode "payload=${PAYLOAD}" ${SITE} 2>>${PWD}/../logs/active-responses.log
>     exit 0;
> fi
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.