With this update I am getting these a few an hour. It varies about 2 to 3 per hour:
From: "psmon@xxx" <psmon@xxx>
To: "xxx" <xxx>
Subject: [psmon/xxx] Spawned 'ossec-syscheckd' with '/sbin/service ossec-hids restart'
Headers: Show All Headers
Command executed: /sbin/service ossec-hids restart
Exit value: 0
Signal number: 0
Dumped core?: 0
Shutting down ossec-hids: [ OK ]
Starting ossec-hids: [ OK ]
It's also happening on two servers and my test server also.
PS - have you seen damn Trend Micro purchased the company that writes ossec? It's on the ossec page. Guess we might see it go away from free