Hello everyone!
Some days ago, I installed Ossec in server mode with several agents and i configured the database output to mysql ( http://www.ossec.net/wiki/index.php/Know_How:DatabaseOutput ). Ossec's alerts are recorded in the database correctly but when i query the agent table this is empty ( See below ) --------------------------------------------------------------------------------- mysql> use ossec_db; Database changed mysql> select * from data; +----+-----------+--------+-----------------------------------------------------------------------------------------------------------+ | id | server_id | user | full_log | +----+-----------+--------+-----------------------------------------------------------------------------------------------------------+ | 1 | 1 | (none) | ossec: Ossec started. | | 2 | 1 | root | Feb 13 17:41:45 agent1 sshd(pam_unix)[29963]: session opened for user root by root(uid=0) | ------------------------------------------------------------------------------------------------------------------------------------------------------- mysql> select * from agent; Empty set (0.00 sec) ------------------------------------------------ All systems are linux and ossec version is snapshot-080123 (ossec-hids-080123.tar.gz ). I tried ossec-1.4 and ossec-hids-071218.tar.gz with the same result. I use a default configuration. Is this normal? Otherwise, how could someone tell me that I am wrong? How could correct this? PD: Sorry my poor English :-( _________________________________________________________________ La vida de los famosos al desnudo en MSN Entretenimiento http://entretenimiento.es.msn.com/
