Hi Dan,

If by clearing the syscheck database you mean:
./syscheck_update -a
and/or
./syscheck_update -u local

I already did that while ossec daemons were stopped.
After restart the same errors appear in logs.
I am using ossec-hids-2.4.1.
The above error messages appear in server and agent logs.

Can you please give me the SQL syntax/file (or a link) to create the MySQL
database? I suspect the problem may be from the structure of the database I use
now.

Thanks,
Adi


-----Original Message-----
From: ossec-list@googlegroups.com [mailto:ossec-l...@googlegroups.com] On 
Behalf Of dan (ddp)
Sent: Monday, May 17, 2010 5:27 PM
To: ossec-list@googlegroups.com
Subject: Re: [ossec-list] analysisd: ERROR: Invalid syscheck message received.

I don't know what's going on with the messages, but you could try
stopping the server and clearing the syscheck database for that agent.

On Mon, May 17, 2010 at 9:19 AM, Adi CHIRU <adi.ch...@avangate.com> wrote:
> Hi guys,
>
>
>
> I have some problems with ossec syscheck as it seems it does not catch all
> the events that happen in a directory configured to be monitored in
> real-time. To find out what is going wrong I was watching the logs and found
> the below errors for which I could not find a relevant discussion/solution
> with google.
>
>
>
> Can you please help?
>
>
>
> 2010/05/17 12:29:35 ossec-logcollector: INFO: Started (pid: 11462).
>
> 2010/05/17 12:30:06 ossec-syscheckd: INFO: Starting syscheck database
> (pre-scan).
>
> 2010/05/17 12:31:40 ossec-syscheckd: INFO: Finished creating syscheck
> database (pre-scan completed).
>
> 2010/05/17 12:33:40 ossec-syscheckd: INFO: Starting syscheck scan
> (forwarding database).
>
> 2010/05/17 12:34:12 ossec-analysisd(1755): ERROR: Invalid syscheck message
> received.
>
> 2010/05/17 12:34:16 ossec-analysisd(1755): ERROR: Invalid syscheck message
> received.
>
> 2010/05/17 12:34:16 ossec-analysisd(1755): ERROR: Invalid syscheck message
> received.
>
> 2010/05/17 12:38:28 ossec-syscheckd: INFO: Ending syscheck scan (forwarding
> database).
>
> 2010/05/17 12:38:48 ossec-rootcheck: INFO: Starting rootcheck scan.
>
> 2010/05/17 12:41:08 ossec-rootcheck: INFO: Ending rootcheck scan.
>
> 2010/05/17 13:04:17 ossec-analysisd: Invalid integrity message in the
> database.
>
> 2010/05/17 13:06:18 ossec-analysisd: Invalid integrity message in the
> database.
>
> 2010/05/17 13:10:14 ossec-analysisd: Invalid integrity message in the
> database.
>
> 2010/05/17 13:10:14 ossec-analysisd: Invalid integrity message in the
> database.
>
> 2010/05/17 13:10:14 ossec-analysisd: Invalid integrity message in the
> database.
>
> 2010/05/17 13:10:14 ossec-analysisd: Invalid integrity message in the
> database.
>
>
>
> If you need any other info please let me know...
>
>
>
> Thanks,
>
> Adi
