You redacted the IP address in the ossec logs, so I'm assuming it is something other than 127.0.0.1?
Because your netstat shows that mysql is only bound to 127.0.0.1.
On 7/16/2015 4:01 AM, Legolas Klaitxu wrote:
Good Morning,I've started to work with ossec and reviewing the log I identify this error2015/07/16 10:30:37 ossec-syscheckd: INFO: Starting syscheck database (pre-scan). 2015/07/16 10:30:50 ossec-dbd(5202): ERROR: Error connecting to database <ip address> (ossec): ERROR: Can't connect to MySQL server on <ip address> (111). 2015/07/16 10:31:31 ossec-dbd(5202): ERROR: Error connecting to database <ip address> (ossec): ERROR: Can't connect to MySQL server on <ip address> (111). 2015/07/16 10:32:30 ossec-dbd(5202): ERROR: Error connecting to database <ip address> (ossec): ERROR: Can't connect to MySQL server on <ip address> (111). 2015/07/16 10:35:30 ossec-dbd(5202): ERROR: Error connecting to database <ip address> (ossec): ERROR: Can't connect to MySQL server on <ip address> (111). 2015/07/16 10:36:21 ossec-dbd(5202): ERROR: Error connecting to database <ip address> (ossec): ERROR: Can't connect to MySQL server on <ip address> (111). 2015/07/16 10:38:31 ossec-dbd(5202): ERROR: Error connecting to database <ip address> (ossec): ERROR: Can't connect to MySQL server on <ip address> (111). 2015/07/16 10:38:48 ossec-syscheckd: INFO: Finished creating syscheck database (pre-scan completed). 2015/07/16 10:39:00 ossec-syscheckd: INFO: Ending syscheck scan (forwarding database). 2015/07/16 10:39:13 ossec-dbd(5202): ERROR: Error connecting to database <ip address> (ossec): ERROR: Can't connect to MySQL server on <ip address> (111).2015/07/16 10:39:20 ossec-rootcheck: INFO: Starting rootcheck scan.2015/07/16 10:39:30 ossec-dbd(5202): ERROR: Error connecting to database <ip address> (ossec): ERROR: Can't connect to MySQL server on<ip address> (111)./var/ossec/logs/alerts <mailto:root@BAE-I-MT1:/var/ossec/logs/alerts># netstat -atp | grep LISTEN tcp 0 0 localhost:mysql *:* LISTEN 3324/mysqldMysql is UP, I've updated /var/ossec/etc/internal_options.conf" setting dbd.reconnect_attempts to 30 but the error persists.any help? regards -- ---You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] <mailto:[email protected]>.For more options, visit https://groups.google.com/d/optout.
----- You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
smime.p7s
Description: S/MIME Cryptographic Signature
