On Tue, Oct 31, 2017 at 4:40 AM, <[email protected]> wrote: > hi guys, i encountered very urgent issue, any idea to solve it > > when i run system check on ossec agent after certain period: > > error comes out: > > > 2017/10/31 14:00:02 ossec-logcollector: INFO: Started (pid: 125256). > > 2017/10/31 14:00:32 ossec-syscheckd: INFO: Syscheck scan frequency: 7200 > seconds > > 2017/10/31 14:01:02 ossec-syscheckd: INFO: Starting syscheck scan > (forwarding database). > > 2017/10/31 14:01:02 ossec-syscheckd: INFO: Starting syscheck database > (pre-scan). > > 2017/10/31 14:01:02 ossec-syscheckd: INFO: Initializing real time file > monitoring engine. > > 2017/10/31 14:02:12 ossec-logcollector: INFO: (1904): File not available, > ignoring it: '/var/log/httpd/error_log'. > > 2017/10/31 14:02:12 ossec-logcollector: INFO: (1904): File not available, > ignoring it: '/var/log/httpd/access_log'. > > 2017/10/31 14:02:12 ossec-logcollector: INFO: (1904): File not available, > ignoring it: '/var/log/messages'. > > 2017/10/31 14:02:12 ossec-logcollector: INFO: (1904): File not available, > ignoring it: '/var/log/secure'. > > 2017/10/31 14:02:12 ossec-logcollector: INFO: (1904): File not available, > ignoring it: '/var/log/maillog'. > > 2017/10/31 14:17:59 ossec-agentd: INFO: Event count after '20000': > 15348403->7890680 (51%) > > > ^[[A2017/10/31 14:36:32 ossec-agentd: INFO: Event count after '20000': > 15069192->7882200 (52%) > > 2017/10/31 14:53:14 ossec-agentd: INFO: Event count after '20000': > 15773471->8163976 (51%) > > 2017/10/31 15:10:33 ossec-agentd: INFO: Event count after '20000': > 15587516->8092856 (51%) > > 2017/10/31 15:28:04 ossec-agentd: INFO: Event count after '20000': > 15509392->8065232 (52%) > > 2017/10/31 15:31:52 ossec-syscheckd: ERROR: Unable to add directory to real > time monitoring: > '/var/lib/docker/overlay2/ossec_code_link_class/codelink/49/.git/logs/refs/remotes/origin/qianz'. > -1 28 > > 2017/10/31 15:31:52 ossec-syscheckd: ERROR: Unable to add directory to real > time monitoring: > '/var/lib/docker/overlay2/ossec_code_link_class/codelink/49/.git/logs/refs/remotes/origin/qianz/feature'. > -1 28 > > 2017/10/31 15:31:52 ossec-syscheckd: ERROR: Unable to add directory to real > time monitoring: > '/var/lib/docker/overlay2/ossec_code_link_class/codelink/49/.git/logs/refs/remotes/origin/qianz/bugfix'. > -1 28 > > 2017/10/31 15:31:52 ossec-syscheckd: ERROR: Unable to add directory to real > time monitoring: > '/var/lib/docker/overlay2/ossec_code_link_class/codelink/49/.git/logs/refs/remotes/origin/anthony'. > -1 28 > > 2017/10/31 15:31:52 ossec-syscheckd: ERROR: Unable to add directory to real > time monitoring: > '/var/lib/docker/overlay2/ossec_code_link_class/codelink/49/.git/logs/refs/remotes/origin/anthony/feature'. > -1 28 > > 2017/10/31 15:31:54 ossec-syscheckd: ERROR: Unable to add directory to real > time monitoring: '/var/lib/docker/overlay2/oss > > > > > > > did i run out of ossec space, any idea about this error, how do i check the > system check space and how to fix this bug? thank you so much >
It looks like errno 28 is "no space left on device." So that's where I'd start looking. > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
