On Tue, Oct 31, 2017 at 7:10 AM, dan (ddp) <[email protected]> wrote:
> On Tue, Oct 31, 2017 at 4:40 AM, <[email protected]> wrote:
>> Hi guys, I encountered a very urgent issue, any idea how to solve it?
>>
>> When I run system check on the ossec agent, after a certain period
>> an error comes out:
>>
>> 2017/10/31 14:00:02 ossec-logcollector: INFO: Started (pid: 125256).
>> 2017/10/31 14:00:32 ossec-syscheckd: INFO: Syscheck scan frequency: 7200 seconds
>> 2017/10/31 14:01:02 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
>> 2017/10/31 14:01:02 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).
>> 2017/10/31 14:01:02 ossec-syscheckd: INFO: Initializing real time file monitoring engine.
>> 2017/10/31 14:02:12 ossec-logcollector: INFO: (1904): File not available, ignoring it: '/var/log/httpd/error_log'.
>> 2017/10/31 14:02:12 ossec-logcollector: INFO: (1904): File not available, ignoring it: '/var/log/httpd/access_log'.
>> 2017/10/31 14:02:12 ossec-logcollector: INFO: (1904): File not available, ignoring it: '/var/log/messages'.
>> 2017/10/31 14:02:12 ossec-logcollector: INFO: (1904): File not available, ignoring it: '/var/log/secure'.
>> 2017/10/31 14:02:12 ossec-logcollector: INFO: (1904): File not available, ignoring it: '/var/log/maillog'.
>> 2017/10/31 14:17:59 ossec-agentd: INFO: Event count after '20000': 15348403->7890680 (51%)
>> 2017/10/31 14:36:32 ossec-agentd: INFO: Event count after '20000': 15069192->7882200 (52%)
>> 2017/10/31 14:53:14 ossec-agentd: INFO: Event count after '20000': 15773471->8163976 (51%)
>> 2017/10/31 15:10:33 ossec-agentd: INFO: Event count after '20000': 15587516->8092856 (51%)
>> 2017/10/31 15:28:04 ossec-agentd: INFO: Event count after '20000': 15509392->8065232 (52%)
>> 2017/10/31 15:31:52 ossec-syscheckd: ERROR: Unable to add directory to real time monitoring: '/var/lib/docker/overlay2/ossec_code_link_class/codelink/49/.git/logs/refs/remotes/origin/qianz'. -1 28
>> 2017/10/31 15:31:52 ossec-syscheckd: ERROR: Unable to add directory to real time monitoring: '/var/lib/docker/overlay2/ossec_code_link_class/codelink/49/.git/logs/refs/remotes/origin/qianz/feature'. -1 28
>> 2017/10/31 15:31:52 ossec-syscheckd: ERROR: Unable to add directory to real time monitoring: '/var/lib/docker/overlay2/ossec_code_link_class/codelink/49/.git/logs/refs/remotes/origin/qianz/bugfix'. -1 28
>> 2017/10/31 15:31:52 ossec-syscheckd: ERROR: Unable to add directory to real time monitoring: '/var/lib/docker/overlay2/ossec_code_link_class/codelink/49/.git/logs/refs/remotes/origin/anthony'. -1 28
>> 2017/10/31 15:31:52 ossec-syscheckd: ERROR: Unable to add directory to real time monitoring: '/var/lib/docker/overlay2/ossec_code_link_class/codelink/49/.git/logs/refs/remotes/origin/anthony/feature'. -1 28
>> 2017/10/31 15:31:54 ossec-syscheckd: ERROR: Unable to add directory to real time monitoring: '/var/lib/docker/overlay2/oss
>>
>> Did I run out of ossec space? Any idea about this error? How do I check
>> the system check space and how do I fix this bug? Thank you so much.
>>
>
> It looks like errno 28 is "no space left on device." So that's where
> I'd start looking.
>

Apparently it can also mean you're at your limit of watchable directories.

>> --
>>
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> For more options, visit https://groups.google.com/d/optout.
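
A way to check the two readings of errno 28 discussed in this thread, as an added example that is not part of the original messages or of OSSEC itself: it extracts the failing paths and errno from syscheckd error lines and compares the number of directories under a monitored tree with the Linux per-user inotify watch limit. Assumptions: the trailing pair in the log line is the call's return value followed by errno, real-time monitoring uses one inotify watch per directory, and the function names and sample paths are constructed for illustration.

```python
import errno
import os
import re
from collections import Counter

# Constructed sample lines, modelled on the syscheckd errors quoted in the thread.
SAMPLE_LOG = """\
2017/10/31 15:28:04 ossec-agentd: INFO: Event count after '20000': 15509392->8065232 (52%)
2017/10/31 15:31:52 ossec-syscheckd: ERROR: Unable to add directory to real time monitoring: '/var/lib/docker/overlay2/example/a'. -1 28
2017/10/31 15:31:52 ossec-syscheckd: ERROR: Unable to add directory to real time monitoring: '/var/lib/docker/overlay2/example/a/b'. -1 28
"""

# Assumption: the two trailing integers are "<return value> <errno>".
LINE_RE = re.compile(
    r"ossec-syscheckd: ERROR: Unable to add directory to real time "
    r"monitoring: '(?P<path>.*)'\. (?P<ret>-?\d+) (?P<err>\d+)\s*$")
WATCH_LIMIT = "/proc/sys/fs/inotify/max_user_watches"  # Linux sysctl file

def parse_failures(log_text):
    """Return (path, errno) for every failed real-time watch in the log."""
    hits = (LINE_RE.search(line) for line in log_text.splitlines())
    return [(m.group("path"), int(m.group("err"))) for m in hits if m]

def count_dirs(root):
    """Directories under root (root included); unreadable ones are skipped."""
    return sum(1 for _ in os.walk(root, onerror=lambda exc: None))

def read_watch_limit(path=WATCH_LIMIT):
    """Per-user inotify watch limit, or None where the file is unavailable."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None

def diagnose(log_text, monitored_root=None):
    """Summarise watch failures and whether the tree outgrows the limit."""
    failures = parse_failures(log_text)
    by_errno = Counter(err for _, err in failures)
    limit = read_watch_limit()
    need = count_dirs(monitored_root) if monitored_root else None
    return {
        "failures": len(failures),
        "errnos": {errno.errorcode.get(e, str(e)): n for e, n in by_errno.items()},
        "watch_limit": limit,
        "dirs_needed": need,
        # True only when both numbers are known and the tree needs more watches.
        "limit_exceeded": limit is not None and need is not None and need > limit,
    }
```

If `limit_exceeded` is true while the filesystem still has free space, the watch limit is the more likely cause; the options are then to raise `fs.inotify.max_user_watches` or to narrow the directories configured for real-time monitoring.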
