Hi all, I am having some problems keeping ossec-dbd connected. I am connecting to a mariadb 10.0.24 database and I am running ossec 2.8.3
here is the info from the logs: 2017/01/05 16:46:51 ossec-dbd(5210): INFO: Attempting to reconnect to database. 2017/01/05 16:46:51 ossec-dbd: Connected to database 'ossec' at 'ppdc1lx0111'. 2017/01/05 16:46:51 ossec-dbd(5204): ERROR: Database error. Unable to run query. 2017/01/05 16:46:51 ossec-dbd(5203): ERROR: Error executing query 'INSERT INTO alert(id,server_id,rule_id,timestamp,location_id,src_ip,src_port,dst_ip,dst_port,alertid) VALUES ('847', '1', '502','1483660011', '1', '0', '0', '0', '0', '1483660008.1322638')'. Error: 'Duplicate entry '847-1' for key 'PRIMARY''. 2017/01/05 16:46:51 ossec-dbd(5209): INFO: Closing connection to database. 2017/01/05 16:46:51 ossec-dbd(5210): INFO: Attempting to reconnect to database. 2017/01/05 16:46:51 ossec-dbd: Connected to database 'ossec' at 'ppdc1lx0111'. 2017/01/05 16:46:51 ossec-dbd(5204): ERROR: Database error. Unable to run query. 2017/01/05 16:47:35 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database). 2017/01/05 16:47:35 ossec-syscheckd: INFO: Starting syscheck database (pre-scan). 2017/01/05 16:48:16 ossec-dbd(5203): ERROR: Error executing query 'SELECT id FROM location WHERE name = '(dvsc1lx0037) 10.69.65.37->/var/log/secure' AND server_id = '1' LIMIT 1'. Error: 'Lost connection to MySQL server during query'. 2017/01/05 16:48:16 ossec-dbd(5209): INFO: Closing connection to database. 2017/01/05 16:48:16 ossec-dbd(5210): INFO: Attempting to reconnect to database. 2017/01/05 16:48:16 ossec-dbd: Connected to database 'ossec' at 'ppdc1lx0111'. 2017/01/05 16:48:20 ossec-dbd(5203): ERROR: Error executing query 'SELECT id FROM location WHERE name = '(dvsc1lx0037) 10.69.65.37->/var/log/secure' AND server_id = '1' LIMIT 1'. Error: 'Lost connection to MySQL server during query'. 2017/01/05 16:48:20 ossec-dbd(5209): INFO: Closing connection to database. 2017/01/05 16:48:20 ossec-dbd(5210): INFO: Attempting to reconnect to database. 2017/01/05 16:48:20 ossec-dbd: Connected to database 'ossec' at 'ppdc1lx0111'. 2017/01/05 16:48:20 ossec-dbd(5203): ERROR: Error executing query 'INSERT INTO data(id, server_id, user, full_log) VALUES ('848', '1', '(null)', 'Jan 5 16:48:00 dvsc1lx0037 polkitd(authority=local): Operator of unix-session:/org/freedesktop/ConsoleKit/Session2 FAILED to authenticate to gain authorization for action org.freedesktop.packagekit.system-network-proxy-configure for system-bus-name::1.38 [gpk-update-icon] (owned by unix-user:oracle)') '. Error: 'Duplicate entry '848-1' for key 'PRIMARY''. 2017/01/05 16:48:20 ossec-dbd(5209): INFO: Closing connection to database. 2017/01/05 16:48:20 ossec-dbd(5210): INFO: Attempting to reconnect to database. 2017/01/05 16:48:20 ossec-dbd: Connected to database 'ossec' at 'ppdc1lx0111'. I see the duplicate entry key error but am not sure how to fix it. Any suggestions would be helpful. Thanks, Sean -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.