On 8 apr, 18:06, tm <[email protected]> wrote: > Hello, > > I have an OSSEC 2.4 server with 5 OSSEC 2.4 agents. When I installed > the server, I added MySQL database support. All of the tables seems > to be populated with records as time progresses except for the agent > table. The structure of the table is as follows: > > mysql> describe agent; > +--------------+----------------------+------+-----+--------- > +----------------+ > | Field | Type | Null | Key | Default | > Extra | > +--------------+----------------------+------+-----+--------- > +----------------+ > | id | smallint(5) unsigned | NO | PRI | NULL | > auto_increment | > | server_id | smallint(5) unsigned | NO | PRI | NULL > | | > | last_contact | int(10) unsigned | NO | | NULL > | | > | ip_address | int(10) unsigned | NO | | NULL > | | > | version | varchar(32) | NO | | NULL > | | > | name | varchar(64) | NO | | NULL > | | > | information | varchar(128) | NO | | NULL > | | > +--------------+----------------------+------+-----+--------- > +----------------+ > 7 rows in set (0.00 sec) > > Given the name of some fields, such as last_contact, I expected to see > records in this table as my agents sent events to my server. However, > after several days of up time, the table still contains no records. > > Anyone have any experience with OSSEC database support and this table > in particular?
Yes, you are correct, this table isnt updated by OSSEC. I just made a small perl-script running from cron to populate this information to my (postgres) database. Hopefully dcid will fix this bug later :) -Asbjørn- -- To unsubscribe, reply using "remove me" as the subject.
