I've noticed a similar issue. I recently updated from an OSSEC 2.8.x 
install to a 2.9.x install. With my 2.8.x install, I had been using Analogi 
for quite some time.

I encountered some issues enabling MySQL support during the update as this 
feature is not documented well and all the available documentation only 
applies to 2.8.x installs (but that's a separate problem). 

After the update, some of Analogi's functionality was suddenly broken. In 
particular, attempting to use the "Detail" dashboard no longer works; no 
events the occurred after the update will be returned in any searches. The 
"Index" and "Mass Monitoring" dashboards seem to work, but only partially 
(it's tough to verify, but in my install it looks like events from some 
sources don't display, or perhaps only sporadically). I'm not getting the 
Analogi error you note, but it doesn't appear to be working properly either.

I assume this is because the database schema changed just enough to break 
Analogi. I recall needing to manually modify the schema of the database I 
already had; it's possible I didn't do it right but I don't remember what I 
did anymore. I've also noticed that some parts of the database don't appear 
to be getting populated (the 'agents' table for example), but OSSEC 
otherwise works properly, and the OSSEC WUI works. I get the impression 
that there's not much drive to improve the external database support for 
OSSEC, so there's not much documentation or support for it. And since 
development on Analogi appears to have stopped quite some time ago...it may 
be broken for good.

You might try setting up an older version of OSSEC first, perhaps the last 
2.8.x version, since that worked with Analogi without issues for me. You 
then might be able to do the upgrade to 2.9.x (if you so desired) and try 
to see where things break down. I'd certainly be interested to know if 
you're able to figure it out.

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to