|
G’day all, I setup ossec on one of our non-critical windows 2003 servers
to test it out and have been pretty happy with it for the last month. Unfortunately it has gobbled up an obscene amount of
handles, somewhere in the range of 890k. Using process explorer I found that
most of the handles, I don’t think it showed me all 890k, were for
registry keys. I’m using an almost vanilla configuration file. I
restarted the service about an hour ago and we’re back up to 13k handles
right now. Another machine that I’ve been testing it on is up to 134k
handles so it’s not completely localized to that one machine. I really have little coding experience and little knowledge
of Windows at this level so please let me know what other information would be
useful. Thanks, Luke Bradeen |