Daniel Cid wrote:
> Hi Thomas,
>
> If OSSEC is not able to store the alerts in the database, it is supposed
> to write the error to ossec.log and keep trying until it works (so you
> will not lose any alerts). As for it just stopping, we would need more
> information to try to debug it. Only ossec-dbd stopped or all ossec
> processes?
>
> Thanks,
>
> --
> Daniel B. Cid
> dcid ( at ) ossec.net
>
>
> On Nov 12, 2007 5:27 AM, Tomas Olsson <[EMAIL PROTECTED]> wrote:
>   
>> Tomas Olsson wrote:
>>     
>>> Hi,
>>>
>>> I am running OSSEC 1.4 storing the alerts on MySQL but it seems not to
>>> be robust enough for using on my PowerBook. I started running OSSEC
>>> this last Friday and today I still get email alerts but there are no
>>> alerts stored in the database. I have both OSSEC and MySQL running on
>>> my PowerBook.  When I look at what processes are running ossec-dbd is
>>> not running but there is no error message in the ossec.log telling
>>> when it stopped. Now I have restarted ossec and it seems to work as it
>>> should.  Maybe OSSEC cannot handle that I bring the computer home
>>> where it gets a completely different IP address although I use
>>> 'localhost' as hostname in the configuration file?
>>>
>>> /Tomas
>>>
>>>       
>> And what would happen if the MySQL server is not reachable from a
>> computer? I would like to monitor computers that store their alerts in a
>> MySQL database but if the MySQL server is not reachable the alerts
>> should be queued until the server is available again.
>>
>> /Tomas
>>
>>     
OK, ossec-dbd and ossec-execd had stopped but others were still working 
and I still received email alerts. If I executed 'sudo' I got an email 
alert of its success but no entry in the database but I did not get any 
errors. Well this is probably not enough information for debugging but I 
will report if I get the same behavior again.
 
/Tomas
