On Sat, Jul 22, 2017 at 5:59 AM, Marcin Gołębiowski
<marcin.golebiowsk...@gmail.com> wrote:
> Good day to you all,
> I have a problem with OSSEC/Slack integration. OSSEC version 2.9.0. For an
> unknown reason, the ossec-slack script fires hundreds of Curl processes when
> sending data from alerts.log to the Slack channel basically draining all the
> memory (one process takes ~180 MB). What could be the reason? The size of
> alerts.log file is usually under 1MB.
> The bash script portion responsible for sending data to Slack channel
> remained unmodified:
>

Are the curl processes not exiting? I don't use it, so I'm not
entirely sure how to go about debugging it.

> ALERTFULL=`grep -A 10 "$ALERTTIME" ${PWD}/../logs/alerts/alerts.log | grep -v ".$ALERTLAST: " -A 10 | grep -v "Src IP: " | grep -v "User: " |grep "Rule: " -A 4 | cut -c -139 | sed 's/\"//g'`
>
>
> PAYLOAD='{"channel": "'"$CHANNEL"'", "username": "'"$SLACKUSER"'", "text": "'"${ALERTFULL}"'"}'
>
>
> ls "`which curl`" > /dev/null 2>&1
> if [ ! $? = 0 ]; then
>     ls "`which wget`" > /dev/null 2>&1
>     if [ $? = 0 ]; then
>         wget --keep-session-cookies --post-data="${PAYLOAD}" ${SITE} 2>>${PWD}/../logs/active-responses.log
>         exit 0;
>     fi
> else
>     curl -X POST --data-urlencode "payload=${PAYLOAD}" ${SITE} 2>>${PWD}/../logs/active-responses.log
>     exit 0;
> fi
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
