Looking at the database schema here: https://github.com/ossec/ossec-hids/blob/master/src/os_dbd/mysql.schema
There is a column in the alerts table called level. I would do a describe on your alerts table and make sure that it has all of the expected columns. MySQL> use ossec; -- this should be the name of your ossec db. MySQL> describe alerts; Any column that doesn't exist can be added using an alter statement. MySQL> ALTER TABLE alerts ADD level TINYINT UNSIGNED BEFORE timstamp AFTER rule_id; Josh On Mon, Apr 10, 2017 at 9:55 AM Dayne Jordan <daynejor...@gmail.com> wrote: > All has been running fine with 2.8.3 since mid 2016 - no issues at all. > Decided to update to 2.9 for some JSON functionality and after updating the > server we are encountering this error: > > ossec-dbd(5203): ERROR: Error executing query 'INSERT INTO > alert(server_id,rule_id,level,timestamp,location_id,src_ip,src_port,dst_ip,dst_port,alertid,user,full_log) > VALUES ('1', '11401','3','1491834328', '15', 'xx.xx.xx.xx"', '0', '(null)', > '0', '1491834324.502203', '(null)', 'Mon Apr 10 09:25:23 2017 [pid 7940] > CONNECT: Client "xx.xx.xx.xx"')'. Error: 'Unknown column 'level' in 'field > list'' > > > We have tried updating a few of the associated agents as well - same error. > Any ideas? > OSSEC-2.8.3 to 2.9 RC5 > RHEL 6.8 > MariaDB/MySQL > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.