This seems to be a MySQL connection issue. 
You might be able to verify this by increasing the MySQL timeout.

On Tuesday, January 14, 2014 10:33:29 PM UTC-8, Lawrence Williams wrote:
>
> Is there any way to get more out of the OSSEC log? 
>
> I have set all the debug parameters to Level 2 
> in /var/ossec/etc/internal_options.conf but don't really see any more output?
>
> # Debug options.
> # Debug 0 -> no debug
> # Debug 1 -> first level of debug
> # Debug 2 -> full debugging
>
> # Windows debug (used by the windows agent)
> windows.debug=2
>
> # Syscheck (local, server and unix agent)
> syscheck.debug=2
>
> # Remoted (server debug)
> remoted.debug=0
>
> # Analysisd (server or local)
> analysisd.debug=2
>
> # Log collector (server, local or unix agent)
> logcollector.debug=2
>
> # Unix agentd
> agent.debug=2
>
>
>
>
> On Tuesday, 14 January 2014 16:15:20 UTC, Lawrence Williams wrote:
>>
>>
>> I am trying to get OSSEC 2.7.1 working with my MySQL database (all on 
>> same box).
>>
>> I've got the conf file entries:
>>
>>   <database_output>
>>         <hostname>127.0.0.1</hostname>
>>         <username>ossecuser</username>
>>         <password>ossecpass</password>
>>         <database>ossec</database>
>>         <type>mysql</type>
>>   </database_output>
>>
>> but after a couple of minutes I start to see problems with db connection 
>> 'gone away'. The disconnect, issue, reconnect loop then keeps on....
>>
>> I have seen other postings related to similar problems - but none give 
>> any solution.
>>
>> 2014/01/14 15:58:09 ossec-dbd(5203): ERROR: Error executing query 'SELECT 
>> id FROM location WHERE name = 'localhost->/var/log/secure' AND server_id = 
>> '1' LIMIT 1'. Error: 'MySQL server has gone away'.
>> 2014/01/14 15:58:09 ossec-dbd(5209): INFO: Closing connection to database.
>> 2014/01/14 15:58:09 ossec-dbd(5210): INFO: Attempting to reconnect to 
>> database.
>> 2014/01/14 15:58:09 ossec-dbd: Connected to database 'ossec' at 
>> '127.0.0.1'.
>> 2014/01/14 16:01:00 ossec-syscheckd: INFO: Initializing real time file 
>> monitoring (not started).
>> 2014/01/14 16:10:05 ossec-dbd(5203): ERROR: Error executing query 'INSERT 
>> INTO data(id, server_id, user, full_log) VALUES ('8', '1', 'vagrant', 'Jan 
>> 14 16:10:01 localhost sudo:  vagrant : TTY=pts/1 ; PWD=/mountlocaldev ; 
>> USER=root ; COMMAND=/bin/su -') '. Error: 'MySQL server has gone away'.
>> 2014/01/14 16:10:05 ossec-dbd(5209): INFO: Closing connection to database.
>> 2014/01/14 16:10:05 ossec-dbd(5210): INFO: Attempting to reconnect to 
>> database.
>> 2014/01/14 16:10:05 ossec-dbd: Connected to database 'ossec' at 
>> '127.0.0.1'.
>> 2014/01/14 16:10:05 ossec-dbd(5204): ERROR: Database error. Unable to run 
>> query.
>>
>>
>> Any ideas?
>> TIA
>>  
>>
>
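
One way to test the timeout theory from the log itself, as an added example that is not part of the original thread: measure how long each ossec-dbd connection lasted before 'gone away' and compare that with the server's idle timeout. The function names are this example's own, the sample is the log from the post with wrapped lines joined and query text abridged, and `wait_timeout` (from `SHOW VARIABLES LIKE 'wait_timeout'`) is assumed to be the MySQL timeout meant in the reply.

```python
import re
from datetime import datetime

# ossec-dbd lines from the post above: e-mail line wraps joined, query text
# abridged to '...' for this example.
SAMPLE_LOG = """\
2014/01/14 15:58:09 ossec-dbd(5203): ERROR: Error executing query '...'. Error: 'MySQL server has gone away'.
2014/01/14 15:58:09 ossec-dbd(5209): INFO: Closing connection to database.
2014/01/14 15:58:09 ossec-dbd(5210): INFO: Attempting to reconnect to database.
2014/01/14 15:58:09 ossec-dbd: Connected to database 'ossec' at '127.0.0.1'.
2014/01/14 16:01:00 ossec-syscheckd: INFO: Initializing real time file monitoring (not started).
2014/01/14 16:10:05 ossec-dbd(5203): ERROR: Error executing query '...'. Error: 'MySQL server has gone away'.
2014/01/14 16:10:05 ossec-dbd(5209): INFO: Closing connection to database.
2014/01/14 16:10:05 ossec-dbd(5210): INFO: Attempting to reconnect to database.
2014/01/14 16:10:05 ossec-dbd: Connected to database 'ossec' at '127.0.0.1'.
2014/01/14 16:10:05 ossec-dbd(5204): ERROR: Database error. Unable to run query.
"""

# Timestamp, then "ossec-dbd" with an optional "(message id)", then the text.
LINE_RE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) ossec-dbd(?:\(\d+\))?: (.*)$")


def connection_lifetimes(log_text):
    """Seconds from each successful connect to the next 'gone away' error."""
    lifetimes = []
    connected_at = None
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # other daemons, blank lines
        stamp = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
        message = m.group(2)
        if message.startswith("Connected to database"):
            connected_at = stamp
        elif "MySQL server has gone away" in message and connected_at is not None:
            lifetimes.append(int((stamp - connected_at).total_seconds()))
            connected_at = None  # count each connection once
    return lifetimes


def unexplained_by_idle_timeout(lifetimes, wait_timeout_s):
    """Lifetimes shorter than the idle timeout: the server cannot have closed
    these for idleness, because the connection did not exist that long."""
    return [s for s in lifetimes if s < wait_timeout_s]
```

The error is only logged when ossec-dbd next issues a query, so each lifetime is an upper bound on when the connection actually dropped; any lifetime below the server's `wait_timeout` points to a cause other than the idle timeout.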
