Looking at the database schema here:
https://github.com/ossec/ossec-hids/blob/master/src/os_dbd/mysql.schema
There is a column in the alerts table called level. I would do a describe
on your alerts table and make sure that it has all of the expected columns.
MySQL> use ossec; -- this should be the name of your ossec db.
MySQL> describe alerts;
Any column that doesn't exist can be added using an alter statement.
MySQL> ALTER TABLE alerts ADD level TINYINT UNSIGNED BEFORE timstamp AFTER
rule_id;
Josh
On Mon, Apr 10, 2017 at 9:55 AM Dayne Jordan <daynejor...@gmail.com> wrote:
> All has been running fine with 2.8.3 since mid 2016 - no issues at all.
> Decided to update to 2.9 for some JSON functionality and after updating the
> server we are encountering this error:
>
> ossec-dbd(5203): ERROR: Error executing query 'INSERT INTO
> alert(server_id,rule_id,level,timestamp,location_id,src_ip,src_port,dst_ip,dst_port,alertid,user,full_log)
> VALUES ('1', '11401','3','1491834328', '15', 'xx.xx.xx.xx"', '0', '(null)',
> '0', '1491834324.502203', '(null)', 'Mon Apr 10 09:25:23 2017 [pid 7940]
> CONNECT: Client "xx.xx.xx.xx"')'. Error: 'Unknown column 'level' in 'field
> list''
>
>
> We have tried updating a few of the associated agents as well - same error.
> Any ideas?
> OSSEC-2.8.3 to 2.9 RC5
> RHEL 6.8
> MariaDB/MySQL
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
