> > > > Am Freitag, 9. April 2010 09:16:39 UTC+2 schrieb Asbjørn Prøis: > > On 8 apr, 18:06, tm wrote: > > Hello, > > > > I have an OSSEC 2.4 server with 5 OSSEC 2.4 agents. When I installed > > the server, I added MySQL database support. All of the tables seems > > to be populated with records as time progresses except for the agent > > table. The structure of the table is as follows: > > > > mysql> describe agent; > > +--------------+----------------------+------+-----+--------- > > +----------------+ > > | Field | Type | Null | Key | Default | > > Extra | > > +--------------+----------------------+------+-----+--------- > > +----------------+ > > | id | smallint(5) unsigned | NO | PRI | NULL | > > auto_increment | > > | server_id | smallint(5) unsigned | NO | PRI | NULL > > | | > > | last_contact | int(10) unsigned | NO | | NULL > > | | > > | ip_address | int(10) unsigned | NO | | NULL > > | | > > | version | varchar(32) | NO | | NULL > > | | > > | name | varchar(64) | NO | | NULL > > | | > > | information | varchar(128) | NO | | NULL > > | | > > +--------------+----------------------+------+-----+--------- > > +----------------+ > > 7 rows in set (0.00 sec) > > > > Given the name of some fields, such as last_contact, I expected to see > > records in this table as my agents sent events to my server. However, > > after several days of up time, the table still contains no records. > > > > Anyone have any experience with OSSEC database support and this table > > in particular? > > Yes, you are correct, this table isnt updated by OSSEC. I just made a > small perl-script running from cron to populate > this information to my (postgres) database. > > Hopefully dcid will fix this bug later :) > > -Asbjørn- > > Am Freitag, 9. April 2010 09:16:39 UTC+2 schrieb Asbjørn Prøis: > > On 8 apr, 18:06, tm wrote: > > Hello, > > > > I have an OSSEC 2.4 server with 5 OSSEC 2.4 agents. When I installed > > the server, I added MySQL database support. All of the tables seems > > to be populated with records as time progresses except for the agent > > table. The structure of the table is as follows: > > > > mysql> describe agent; > > +--------------+----------------------+------+-----+--------- > > +----------------+ > > | Field | Type | Null | Key | Default | > > Extra | > > +--------------+----------------------+------+-----+--------- > > +----------------+ > > | id | smallint(5) unsigned | NO | PRI | NULL | > > auto_increment | > > | server_id | smallint(5) unsigned | NO | PRI | NULL > > | | > > | last_contact | int(10) unsigned | NO | | NULL > > | | > > | ip_address | int(10) unsigned | NO | | NULL > > | | > > | version | varchar(32) | NO | | NULL > > | | > > | name | varchar(64) | NO | | NULL > > | | > > | information | varchar(128) | NO | | NULL > > | | > > +--------------+----------------------+------+-----+--------- > > +----------------+ > > 7 rows in set (0.00 sec) > > > > Given the name of some fields, such as last_contact, I expected to see > > records in this table as my agents sent events to my server. However, > > after several days of up time, the table still contains no records. > > > > Anyone have any experience with OSSEC database support and this table > > in particular? > > Yes, you are correct, this table isnt updated by OSSEC. I just made a > small perl-script running from cron to populate > this information to my (postgres) database. > > Hopefully dcid will fix this bug later :) > > -Asbjørn- > > Am Freitag, 9. April 2010 09:16:39 UTC+2 schrieb Asbjørn Prøis: > > On 8 apr, 18:06, tm <[email protected]> wrote: > > Hello, > > > > I have an OSSEC 2.4 server with 5 OSSEC 2.4 agents. When I installed > > the server, I added MySQL database support. All of the tables seems > > to be populated with records as time progresses except for the agent > > table. The structure of the table is as follows: > > > > mysql> describe agent; > > +--------------+----------------------+------+-----+--------- > > +----------------+ > > | Field | Type | Null | Key | Default | > > Extra | > > +--------------+----------------------+------+-----+--------- > > +----------------+ > > | id | smallint(5) unsigned | NO | PRI | NULL | > > auto_increment | > > | server_id | smallint(5) unsigned | NO | PRI | NULL > > | | > > | last_contact | int(10) unsigned | NO | | NULL > > | | > > | ip_address | int(10) unsigned | NO | | NULL > > | | > > | version | varchar(32) | NO | | NULL > > | | > > | name | varchar(64) | NO | | NULL > > | | > > | information | varchar(128) | NO | | NULL > > | | > > +--------------+----------------------+------+-----+--------- > > +----------------+ > > 7 rows in set (0.00 sec) > > > > Given the name of some fields, such as last_contact, I expected to see > > records in this table as my agents sent events to my server. However, > > after several days of up time, the table still contains no records. > > > > Anyone have any experience with OSSEC database support and this table > > in particular? > > Yes, you are correct, this table isnt updated by OSSEC. I just made a > small perl-script running from cron to populate > this information to my (postgres) database. > > Hopefully dcid will fix this bug later :) > > -Asbjørn- >
Hi Asbjørn Is your script still running? Would you mind posting it, I would highly appreciate it. Kind regards, Oliver
