That helped a lot. One thing though. I am not seeing any information getting added to the "agent" table, but the rest is populating.
-Reggie

Daniel Cid wrote:
> Hi Reggie,
>
> Try updating your OSSEC server to the following version:
>
> http://www.ossec.net/dcid/?p=118
>
> It should fix your problem.
>
> Thanks,
>
> --
> Daniel B. Cid
> dcid ( at ) ossec.net
>
> On Jan 18, 2008 5:14 PM, Reggie Griffin <[EMAIL PROTECTED]> wrote:
>
>> Ok, I got past the rules. I installed a default local_rules.xml file and
>> now I see some information into
>> "category", "server" and "location". However, "agents", "alerts", and
>> "data" are not receiving anything.
>>
>> New debug logs:
>>
>> 2008/01/18 15:57:48 ossec-dbd(5203): Error executing query 'INSERT INTO
>> data(id, server_id, "user",full_log) VALUES ('1', '1', '(none)', 'ossec:
>> Ossec started.') '. Error: 'You have an error in your SQL syntax; check
>> the manual that corresponds to your MySQL server version for the right
>> syntax to use near '"user",full_log) VALUES ('1', '1', '(none)', 'ossec:
>> Ossec started.')' at line 1'.
>>
>> And also:
>>
>> 2008/01/18 15:57:48 ossec-dbd(5202): Error connecting to database
>> 'x.x.x.x'(ossec): Can't connect to local MySQL server through socket
>> '/var/run/mysqld/mysqld.sock' (2).
>>
>> This looks to be repeated 10 times, as is listed in internal_options.conf.
>>
>> Still troubleshooting.
>>
>> -Reggie
>>
>> Reggie Griffin wrote:
>>
>>> Hello,
>>>
>>> I just compiled in support for mysql with OSSEC. For some reason, just
>>> after loading all the .xml rules files, OSSEC
>>> stops talking to mysql.
>>>
>>> 2008/01/18 13:30:07 ossec-dbd: Connected to database 'ossec' at 'x.x.x.x'.
>>>
>>> OSSEC connects just fine.
>>>
>>> Here is some debug output:
>>>
>>> 2008/01/18 13:21:52 ossec-dbd: DEBUG: read xml for rule
>>> '/rules/local_rules.xml'.
>>> 2008/01/18 13:21:52 ossec-dbd: DEBUG: XML Variables applied.
>>> 2008/01/18 13:21:52 ossec-dbd: DEBUG: entering _Rules_ReadInsertDB()
>>> <--- Above line repeated about 50 times -->
>>>
>>> The local_rules.xml file is the last file loaded into the database, and
>>> after that nothing else gets added and ossec-dbd dies.
>>>
>>> Here is some mysql debug, if it's helpful.
>>>
>>> 080118 13:36:47 32 Connect [EMAIL PROTECTED] on
>>>                 32 Query SELECT VERSION()
>>>                 32 Query SET NAMES utf8
>>>                 32 Query SET collation_connection =
>>> 'utf8_unicode_ci'
>>>                 32 Query SET NAMES utf8
>>>                 32 Query SET collation_connection =
>>> 'utf8_unicode_ci'
>>>                 32 Query SHOW SESSION VARIABLES LIKE
>>> 'collation_connection'
>>>                 32 Query SHOW SESSION VARIABLES LIKE
>>> 'character_set_connection'
>>>                 32 Query SHOW CHARACTER SET
>>>                 32 Query SHOW COLLATION
>>>                 32 Init DB ossec
>>>                 32 Query SHOW TABLES LIKE
>>> 'signature_category_mapping'
>>>                 32 Init DB ossec
>>>                 32 Query SHOW TABLE STATUS LIKE
>>> 'signature_category_mapping'
>>>                 32 Query SHOW INDEX FROM
>>> `signature_category_mapping`
>>>                 32 Query SHOW FULL FIELDS FROM
>>> `signature_category_mapping`
>>>                 32 Query SHOW CREATE TABLE
>>> `ossec`.`signature_category_mapping`
>>>                 32 Query SHOW FULL COLUMNS
>>> FROM `ossec`.`signature_category_mapping`
>>>                 32 Quit
>>> 080118 13:49:50 9 Quit
>>>
>>> Nothing jumps out at me, but maybe someone on the list might have an
>>> idea. I have around 20 hosts logging to OSSEC, a few which are fairly
>>> busy due to ftp and http servers.
>>>
>>> -Reggie
>>>
>> --
>> Reggie Griffin
>> Deputy Information Technology Security Officer
>> Contractor, STG Inc
>> NOAA's National Climatic Data Center
>> Veach-Baley Federal Building
>> 151 Patton Avenue
>> Asheville, NC 28801-5001
>> Tel: (828) 271-4286
>> Fax: (828) 271-4246
>> [EMAIL PROTECTED]
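
The `ossec-dbd(5203)` syntax error quoted in the thread matches how MySQL parses double quotes: unless the `ANSI_QUOTES` SQL mode is set, `"user"` is read as a string literal rather than a column name. The script below is an added example, not part of the original thread or of OSSEC's code; the scratch database name `dbd_quote_demo` and the column types are assumptions, and only the column names and the failing statement come from the quoted log.

```sql
-- Added example. Run interactively, or with `mysql --force`, because step 1 is
-- expected to fail. Scratch schema: column types are assumptions, not OSSEC's schema.
CREATE DATABASE IF NOT EXISTS dbd_quote_demo;
USE dbd_quote_demo;

CREATE TABLE data (
    id        INT UNSIGNED NOT NULL,
    server_id INT UNSIGNED NOT NULL,
    `user`    TEXT NOT NULL,
    full_log  TEXT NOT NULL,
    PRIMARY KEY (id, server_id)
);

-- Show the session's SQL mode; the statement in step 1 only parses
-- when ANSI_QUOTES is part of this value.
SELECT @@SESSION.sql_mode;

-- 1. The statement from the quoted ossec-dbd log. Without ANSI_QUOTES, "user"
--    is a string literal in the column list, so MySQL returns
--    ERROR 1064 (42000): You have an error in your SQL syntax ...
INSERT INTO data(id, server_id, "user", full_log)
VALUES ('1', '1', '(none)', 'ossec: Ossec started.');

-- 2. Same insert with MySQL's native identifier quoting (backticks).
--    Works regardless of sql_mode.
INSERT INTO data(id, server_id, `user`, full_log)
VALUES ('1', '1', '(none)', 'ossec: Ossec started.');

-- 3. Alternative: make double quotes delimit identifiers for this session only.
--    This replaces the session's sql_mode; the server default is untouched.
SET SESSION sql_mode = 'ANSI_QUOTES';
INSERT INTO data(id, server_id, "user", full_log)
VALUES ('2', '1', '(none)', 'ossec: Ossec started.');

-- Both successful inserts are present; the failed one left no row.
SELECT id, server_id, `user`, full_log FROM data ORDER BY id;

-- Clean up the scratch database.
DROP DATABASE dbd_quote_demo;
```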
