DISREGARD - major faux pas on my part from previous... it's alert not alerts table (singular).
Alert table does exist, however the column "level" does not, I will create it manually.

MariaDB [ossec]> describe alert;
+-------------+-----------------------+------+-----+---------+-------+
| Field       | Type                  | Null | Key | Default | Extra |
+-------------+-----------------------+------+-----+---------+-------+
| id          | int(10) unsigned      | NO   | PRI | NULL    |       |
| server_id   | smallint(5) unsigned  | NO   | PRI | NULL    |       |
| rule_id     | mediumint(8) unsigned | NO   | MUL | NULL    |       |
| timestamp   | int(10) unsigned      | NO   | MUL | NULL    |       |
| location_id | smallint(5) unsigned  | NO   |     | NULL    |       |
| src_ip      | int(10) unsigned      | YES  | MUL | NULL    |       |
| dst_ip      | int(10) unsigned      | YES  |     | NULL    |       |
| src_port    | smallint(5) unsigned  | YES  |     | NULL    |       |
| dst_port    | smallint(5) unsigned  | YES  |     | NULL    |       |
| alertid     | tinytext              | YES  |     | NULL    |       |
+-------------+-----------------------+------+-----+---------+-------+
10 rows in set (0.00 sec)

I added the "level" column and all is well so far. I wonder why the mysql.schema script isn't doing this? No error messages in the log.

MariaDB [ossec]> describe alert;
+-------------+-----------------------+------+-----+---------+-------+
| Field       | Type                  | Null | Key | Default | Extra |
+-------------+-----------------------+------+-----+---------+-------+
| id          | int(10) unsigned      | NO   | PRI | NULL    |       |
| server_id   | smallint(5) unsigned  | NO   | PRI | NULL    |       |
| rule_id     | mediumint(8) unsigned | NO   | MUL | NULL    |       |
| timestamp   | int(10) unsigned      | NO   | MUL | NULL    |       |
| location_id | smallint(5) unsigned  | NO   |     | NULL    |       |
| src_ip      | int(10) unsigned      | YES  | MUL | NULL    |       |
| dst_ip      | int(10) unsigned      | YES  |     | NULL    |       |
| src_port    | smallint(5) unsigned  | YES  |     | NULL    |       |
| dst_port    | smallint(5) unsigned  | YES  |     | NULL    |       |
| alertid     | tinytext              | YES  |     | NULL    |       |
| level       | tinyint(3) unsigned   | YES  |     | NULL    |       |
+-------------+-----------------------+------+-----+---------+-------+
11 rows in set (0.00 sec)

On Monday, April 10, 2017 at 2:22:49 PM UTC-4, Dayne Jordan wrote:
>
> MariaDB [(none)]> use ossec
> Reading table information for completion of table and column names
> You can turn off this feature to get a quicker startup with -A
>
> Database changed
> MariaDB [ossec]> describe alerts;
> ERROR 1146 (42S02): Table 'ossec.alerts' doesn't exist
> MariaDB [ossec]>
>
> the mysql schema certainly appears to have the logic to create all the
> tables it needed. I ran the mysql schema again manually, restarted mysql
> and ossec and still have the same error.
>
>
> On Monday, April 10, 2017 at 2:07:47 PM UTC-4, Joshua Gimer wrote:
>>
>> Looking at the database schema here:
>>
>> https://github.com/ossec/ossec-hids/blob/master/src/os_dbd/mysql.schema
>>
>> There is a column in the alerts table called level. I would do a describe
>> on your alerts table and make sure that it has all of the expected columns.
>>
>> MySQL> use ossec; -- this should be the name of your ossec db.
>>
>> MySQL> describe alerts;
>>
>> Any column that doesn't exist can be added using an alter statement.
>>
>> MySQL> ALTER TABLE alerts ADD level TINYINT UNSIGNED AFTER rule_id;
>>
>> Josh
>>
>> On Mon, Apr 10, 2017 at 9:55 AM Dayne Jordan <[email protected]> wrote:
>>
>>> All has been running fine with 2.8.3 since mid 2016 - no issues at all.
>>> Decided to update to 2.9 for some JSON functionality and after updating the
>>> server we are encountering this error:
>>>
>>> ossec-dbd(5203): ERROR: Error executing query 'INSERT INTO
>>>> alert(server_id,rule_id,level,timestamp,location_id,src_ip,src_port,dst_ip,dst_port,alertid,user,full_log)
>>>>
>>>> VALUES ('1', '11401','3','1491834328', '15', 'xx.xx.xx.xx"', '0',
>>>> '(null)',
>>>> '0', '1491834324.502203', '(null)', 'Mon Apr 10 09:25:23 2017 [pid 7940]
>>>> CONNECT: Client "xx.xx.xx.xx"')'. Error: 'Unknown column 'level' in 'field
>>>> list''
>>>>
>>>
>>> We have tried updating a few of the associated agents as well - same
>>> error.
>>> Any ideas?
>>> OSSEC-2.8.3 to 2.9 RC5
>>> RHEL 6.8
>>> MariaDB/MySQL
>>>
>>> --
>>>
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "ossec-list" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> For more options, visit https://groups.google.com/d/optout.
>>>
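
A schema-drift check for the failure in this thread, added here as an example (it is not code from the thread or from OSSEC): it pulls the column list out of the ossec-dbd error and compares it with the `describe alert` output. The function names are made up for illustration, and the sample inputs are constructed from the thread's text with the VALUES list trimmed.

```python
import re

# Constructed from the thread: the ossec-dbd error (VALUES list trimmed) and
# the `describe alert` output from before the manual fix.
ERROR_LINE = (
    "ossec-dbd(5203): ERROR: Error executing query 'INSERT INTO "
    "alert(server_id,rule_id,level,timestamp,location_id,src_ip,src_port,"
    "dst_ip,dst_port,alertid,user,full_log) VALUES ('1', '11401', '3')'. "
    "Error: 'Unknown column 'level' in 'field list''"
)
DESCRIBE_OUTPUT = """\
+-------------+-----------------------+------+-----+---------+-------+
| Field       | Type                  | Null | Key | Default | Extra |
+-------------+-----------------------+------+-----+---------+-------+
| id          | int(10) unsigned      | NO   | PRI | NULL    |       |
| server_id   | smallint(5) unsigned  | NO   | PRI | NULL    |       |
| rule_id     | mediumint(8) unsigned | NO   | MUL | NULL    |       |
| timestamp   | int(10) unsigned      | NO   | MUL | NULL    |       |
| location_id | smallint(5) unsigned  | NO   |     | NULL    |       |
| src_ip      | int(10) unsigned      | YES  | MUL | NULL    |       |
| dst_ip      | int(10) unsigned      | YES  |     | NULL    |       |
| src_port    | smallint(5) unsigned  | YES  |     | NULL    |       |
| dst_port    | smallint(5) unsigned  | YES  |     | NULL    |       |
| alertid     | tinytext              | YES  |     | NULL    |       |
+-------------+-----------------------+------+-----+---------+-------+
"""

def insert_target(error_line):
    """Return (table, columns) named by the failed INSERT in a dbd error."""
    m = re.search(r"INSERT INTO\s+(\w+)\s*\(([^)]*)\)", error_line)
    if not m:
        raise ValueError("no INSERT statement in error line")
    return m.group(1), [c.strip() for c in m.group(2).split(",")]

def described_columns(describe_output):
    """Field names from mysql-client DESCRIBE output (borders, header skipped)."""
    rows = [l.strip().strip("|").split("|")
            for l in describe_output.splitlines() if l.strip().startswith("|")]
    return [r[0].strip() for r in rows if r[0].strip() != "Field"]

def missing_columns(error_line, describe_output):
    """Columns the INSERT names that the live table does not have, in order."""
    table, wanted = insert_target(error_line)
    have = set(described_columns(describe_output))
    return table, [c for c in wanted if c not in have]

if __name__ == "__main__":
    table, missing = missing_columns(ERROR_LINE, DESCRIBE_OUTPUT)
    print(f"{table}: INSERT expects columns the table lacks: {missing}")
```

MySQL names only the first unknown column in its error, while this comparison lists every column the INSERT names that the table lacks; each name it reports should be checked against the mysql.schema shipped with the installed version before altering the table.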
