Thanks scott ;) Yep, I tried using dbd with -d for debug mode but I do not understand where the debbuging logs go to... I'm actually looking to make mysql more talkative about the insertions and updates, I'll keep you informed when succeeded.
On Thursday, May 10, 2012 8:09:26 PM UTC+2, dan (ddpbsd) wrote: > > On Thu, May 10, 2012 at 11:32 AM, secatoor wrote: > > Well, stoping OSSEC loggingg to log files is not really the problem, I > can > > handle that with a script... > > > > What I really would like to have is all the logs into mysql because the > > volume of generated logs is too important to be crawled with a single > script > > :( > > > > > > I really can not understand why mysql shows me all the INSERT and UPDATE > > commands but does not execute them (not anymore, it worked only for 12 > > lines)... > > > > Did you ever try running ossec-dbd in debug mode? > Do the mysql logs show the insert or whether it was successful or not? > If not, you might want to increase the verbosity or something. > > > > > Le jeudi 10 mai 2012 14:44:03 UTC+2, dan (ddpbsd) a écrit : > >> > >> On Thu, May 10, 2012 at 8:35 AM, Scott VR wrote: > >> > Well, like dan I don't actually use it, but like you, I have > configured > >> > it. > >> > > >> > What dan said about writing code is of interest here, I think.. And > >> > might be > >> > the key to what you want. Perhaps Dan will elaborate on what he > meant. > >> > Maybe > >> > the database feature is incomplete, hence his suggestion that you > fire > >> > up a > >> > text editor? > >> > > >> > Scott > >> > > >> > >> It works for most people, and I think it's used heavily by some > >> users.While I don't think the db stuff is feature complete, that's not > >> what I meant. > >> > >> There is currently no way to not log to text files, and to change that > >> you'd have to modify the source code. This isn't something I'd > >> consider a feature though. > >> > >> > >> > > >> > On May 10, 2012, at 4:36 AM, secatoor wrote: > >> > > >> > Hi Scott, > >> > > >> > Yes I did configure the "database output", otherwise we wouldn't see > the > >> > actions in mysql.log, these are the parameters I used: > >> > > >> > <database_output> > >> > <hostname>localhost</hostname> > >> > <username>ossecuser</username> > >> > <password>password</password> > >> > <database>ossec</database> > >> > <type>mysql</type> > >> > </database_output> > >> > > >> > There must be something wrong with mysql, is ther something (timeout > or > >> > maxConnection) that I should change ? > >> > > >> > Le mercredi 9 mai 2012 18:35:32 UTC+2, Scott VR a écrit : > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> On May 9, 2012, at 6:16 AM, secatoor wrote: > >> >> > >> >> > Is there something specific I have to tell OSSEC to make it stop > >> >> > logging into log files and log into mysql database ? > >> >> > > >> >> > >> >> Did you set database_output and appropriate credential, etc > parameters > >> >> in > >> >> ossec.conf? > >> >> > >> >> See http://www.ossec.net/doc/manual/output/database-output.html > >> >> > >> >> It sounds like you completed "Enabling database support", but missed > >> >> "Enabling database output in configuration" perhaps. > >> >> > >> >> ScottVR > >> >> > >> >> > I tried starting it again and again but it still does not work > fine > >> >> > (I > >> >> > even tried from scratch, with no previous installation)... > >> >> > > >> >> > If someone has any idea, you're welcome ;) > >> >> > Thanks >
