Is there any way to get more out of the OSSEC log?
I have set all the debug parameters to Level 2
in /var/ossec/etc/internal_options.conf but don't really see any more output.
# Debug options.
# Debug 0 -> no debug
# Debug 1 -> first level of debug
# Debug 2 -> full debugging
# Windows debug (used by the windows agent)
windows.debug=2
# Syscheck (local, server and unix agent)
syscheck.debug=2
# Remoted (server debug)
remoted.debug=0
# Analysisd (server or local)
analysisd.debug=2
# Log collector (server, local or unix agent)
logcollector.debug=2
# Unix agentd
agent.debug=2
On Tuesday, 14 January 2014 16:15:20 UTC, Lawrence Williams wrote:
>
>
> I am trying to get OSSEC 2.7.1 working with my MySQL database (all on same
> box).
>
> I've got the conf file entries:
>
> <database_output>
> <hostname>127.0.0.1</hostname>
> <username>ossecuser</username>
> <password>ossecpass</password>
> <database>ossec</database>
> <type>mysql</type>
> </database_output>
>
> but after a couple of minutes I start to see problems with db connection
> 'gone away'. The disconnect, issue, reconnect loop then keeps on....
>
> I have seen other postings related to similar problems - but none give any
> solution.
>
> 2014/01/14 15:58:09 ossec-dbd(5203): ERROR: Error executing query 'SELECT
> id FROM location WHERE name = 'localhost->/var/log/secure' AND server_id =
> '1' LIMIT 1'. Error: 'MySQL server has gone away'.
> 2014/01/14 15:58:09 ossec-dbd(5209): INFO: Closing connection to database.
> 2014/01/14 15:58:09 ossec-dbd(5210): INFO: Attempting to reconnect to
> database.
> 2014/01/14 15:58:09 ossec-dbd: Connected to database 'ossec' at
> '127.0.0.1'.
> 2014/01/14 16:01:00 ossec-syscheckd: INFO: Initializing real time file
> monitoring (not started).
> 2014/01/14 16:10:05 ossec-dbd(5203): ERROR: Error executing query 'INSERT
> INTO data(id, server_id, user, full_log) VALUES ('8', '1', 'vagrant', 'Jan
> 14 16:10:01 localhost sudo: vagrant : TTY=pts/1 ; PWD=/mountlocaldev ;
> USER=root ; COMMAND=/bin/su -') '. Error: 'MySQL server has gone away'.
> 2014/01/14 16:10:05 ossec-dbd(5209): INFO: Closing connection to database.
> 2014/01/14 16:10:05 ossec-dbd(5210): INFO: Attempting to reconnect to
> database.
> 2014/01/14 16:10:05 ossec-dbd: Connected to database 'ossec' at
> '127.0.0.1'.
> 2014/01/14 16:10:05 ossec-dbd(5204): ERROR: Database error. Unable to run
> query.
>
>
> Any ideas?
> TIA
>
>