[ossec-list] ossec-dbd keeps disconnecting

Thu, 05 Jan 2017 15:59:43 -0800 

Hi all,

I am having some problems keeping ossec-dbd connected.  I am connecting to 
a mariadb 10.0.24 database and I am running ossec 2.8.3

here is the info from the logs:
2017/01/05 16:46:51 ossec-dbd(5210): INFO: Attempting to reconnect to 
database.
2017/01/05 16:46:51 ossec-dbd: Connected to database 'ossec' at 
'ppdc1lx0111'.
2017/01/05 16:46:51 ossec-dbd(5204): ERROR: Database error. Unable to run 
query.
2017/01/05 16:46:51 ossec-dbd(5203): ERROR: Error executing query 'INSERT 
INTO 
alert(id,server_id,rule_id,timestamp,location_id,src_ip,src_port,dst_ip,dst_port,alertid)
 
VALUES ('847', '1', '502','1483660011', '1', '0', '0', '0', '0', 
'1483660008.1322638')'. Error: 'Duplicate entry '847-1' for key 'PRIMARY''.
2017/01/05 16:46:51 ossec-dbd(5209): INFO: Closing connection to database.
2017/01/05 16:46:51 ossec-dbd(5210): INFO: Attempting to reconnect to 
database.
2017/01/05 16:46:51 ossec-dbd: Connected to database 'ossec' at 
'ppdc1lx0111'.
2017/01/05 16:46:51 ossec-dbd(5204): ERROR: Database error. Unable to run 
query.
2017/01/05 16:47:35 ossec-syscheckd: INFO: Starting syscheck scan 
(forwarding database).
2017/01/05 16:47:35 ossec-syscheckd: INFO: Starting syscheck database 
(pre-scan).
2017/01/05 16:48:16 ossec-dbd(5203): ERROR: Error executing query 'SELECT 
id FROM location WHERE name = '(dvsc1lx0037) 10.69.65.37->/var/log/secure' 
AND server_id = '1' LIMIT 1'. Error: 'Lost connection to MySQL server 
during query'.
2017/01/05 16:48:16 ossec-dbd(5209): INFO: Closing connection to database.
2017/01/05 16:48:16 ossec-dbd(5210): INFO: Attempting to reconnect to 
database.
2017/01/05 16:48:16 ossec-dbd: Connected to database 'ossec' at 
'ppdc1lx0111'.
2017/01/05 16:48:20 ossec-dbd(5203): ERROR: Error executing query 'SELECT 
id FROM location WHERE name = '(dvsc1lx0037) 10.69.65.37->/var/log/secure' 
AND server_id = '1' LIMIT 1'. Error: 'Lost connection to MySQL server 
during query'.
2017/01/05 16:48:20 ossec-dbd(5209): INFO: Closing connection to database.
2017/01/05 16:48:20 ossec-dbd(5210): INFO: Attempting to reconnect to 
database.
2017/01/05 16:48:20 ossec-dbd: Connected to database 'ossec' at 
'ppdc1lx0111'.
2017/01/05 16:48:20 ossec-dbd(5203): ERROR: Error executing query 'INSERT 
INTO data(id, server_id, user, full_log) VALUES ('848', '1', '(null)', 'Jan 
 5 16:48:00 dvsc1lx0037 polkitd(authority=local): Operator of 
unix-session:/org/freedesktop/ConsoleKit/Session2 FAILED to authenticate to 
gain authorization for action 
org.freedesktop.packagekit.system-network-proxy-configure for 
system-bus-name::1.38 [gpk-update-icon] (owned by unix-user:oracle)') '. 
Error: 'Duplicate entry '848-1' for key 'PRIMARY''.
2017/01/05 16:48:20 ossec-dbd(5209): INFO: Closing connection to database.
2017/01/05 16:48:20 ossec-dbd(5210): INFO: Attempting to reconnect to 
database.
2017/01/05 16:48:20 ossec-dbd: Connected to database 'ossec' at 
'ppdc1lx0111'.

I see the duplicate entry key error but am not sure how to fix it.  Any 
suggestions would be helpful.

Thanks,
Sean

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to