Hello,
Using the latest release of OSSEC (both local and server installs) on
Ubuntu Hardy, I am experiencing errors when trying to log to a
PostgreSQL database:
2008/05/27 14:52:30 ossec-dbd(5203): ERROR:
Error executing query 'INSERT INTO data(id, server_id, 'user',
full_log) VALUES ('6', '1', '(none)', 'ossec: Ossec started.') '.
Error: 'ERROR: syntax error at or near "'user'"
LINE 1: INSERT INTO data(id, server_id, 'user', full_log) VALUES ('6...
^'.
2008/05/27 14:52:30 ossec-dbd(5209): INFO: Closing connection to database.
2008/05/27 14:52:30 ossec-dbd(5210): INFO: Attempting to reconnect to database.
2008/05/27 14:52:30 ossec-dbd: Connected to database 'ossecdb' at
'192.168.1.222'.
2008/05/27 14:52:30 ossec-dbd(5204): ERROR: Database error. Unable to run query.
I
have read through all issues in the userslist on this problem,
and noticed this was fixed in a v1.4 snapshot. Has this issue
resurface in the 1.5 release? I edited the alert.c
source code and recompiled, with the following replacement. It seems the
double quotes are not being escaped properly in the SQL syntax, so I rewrote it
like so:
/* Inserting data */
if(db_config->db_type == POSTGDB)
{
/* On postgres we need to escape the user field. */
snprintf(sql_query, OS_SIZE_2048,
"INSERT INTO data(id, server_id, \"user\", full_log) VALUES
('%u', '%u', '%s', '%s') ",
db_config->alert_id, db_config->server_id,
al_data->user, al_data->log[0]);
}
This is probably not the best way to fix it, but it works. Hope this is fully
resolved in the next release!
Best regards,
.
_________________________________________________________________
E-mail for the greater good. Join the i’m Initiative from Microsoft.
http://im.live.com/Messenger/IM/Join/Default.aspx?source=EML_WL_ GreaterGood
