Subject: Re: [ossec-list] ossec-dbd keeps disconnecting



On Thu, Jan 5, 2017 at 6:59 PM, Sean Roe <sean152@xxxxxxxxx> wrote:
> Hi all,
>
> I am having some problems keeping ossec-dbd connected. I am connecting to a
> mariadb 10.0.24 database and I am running ossec 2.8.3
>

Are there any clues in your mariadb logs?

> here is the info from the logs:
> 2017/01/05 16:46:51 ossec-dbd(5210): INFO: Attempting to reconnect to
> database.
> 2017/01/05 16:46:51 ossec-dbd: Connected to database 'ossec' at
> 'ppdc1lx0111'.
> 2017/01/05 16:46:51 ossec-dbd(5204): ERROR: Database error. Unable to run
> query.
> 2017/01/05 16:46:51 ossec-dbd(5203): ERROR: Error executing query 'INSERT
> INTO
> alert(id,server_id,rule_id,timestamp,location_id,src_ip,src_port,dst_ip,dst_port,alertid)
> VALUES ('847', '1', '502','1483660011', '1', '0', '0', '0', '0',
> '1483660008.1322638')'. Error: 'Duplicate entry '847-1' for key 'PRIMARY''.
> 2017/01/05 16:46:51 ossec-dbd(5209): INFO: Closing connection to database.
> 2017/01/05 16:46:51 ossec-dbd(5210): INFO: Attempting to reconnect to
> database.
> 2017/01/05 16:46:51 ossec-dbd: Connected to database 'ossec' at
> 'ppdc1lx0111'.
> 2017/01/05 16:46:51 ossec-dbd(5204): ERROR: Database error. Unable to run
> query.
> 2017/01/05 16:47:35 ossec-syscheckd: INFO: Starting syscheck scan
> (forwarding database).
> 2017/01/05 16:47:35 ossec-syscheckd: INFO: Starting syscheck database
> (pre-scan).
> 2017/01/05 16:48:16 ossec-dbd(5203): ERROR: Error executing query 'SELECT id
> FROM location WHERE name = '(dvsc1lx0037) 10.69.65.37->/var/log/secure' AND
> server_id = '1' LIMIT 1'. Error: 'Lost connection to MySQL server during
> query'.
> 2017/01/05 16:48:16 ossec-dbd(5209): INFO: Closing connection to database.
> 2017/01/05 16:48:16 ossec-dbd(5210): INFO: Attempting to reconnect to
> database.
> 2017/01/05 16:48:16 ossec-dbd: Connected to database 'ossec' at
> 'ppdc1lx0111'.
> 2017/01/05 16:48:20 ossec-dbd(5203): ERROR: Error executing query 'SELECT id
> FROM location WHERE name = '(dvsc1lx0037) 10.69.65.37->/var/log/secure' AND
> server_id = '1' LIMIT 1'. Error: 'Lost connection to MySQL server during
> query'.
> 2017/01/05 16:48:20 ossec-dbd(5209): INFO: Closing connection to database.
> 2017/01/05 16:48:20 ossec-dbd(5210): INFO: Attempting to reconnect to
> database.
> 2017/01/05 16:48:20 ossec-dbd: Connected to database 'ossec' at
> 'ppdc1lx0111'.
> 2017/01/05 16:48:20 ossec-dbd(5203): ERROR: Error executing query 'INSERT
> INTO data(id, server_id, user, full_log) VALUES ('848', '1', '(null)', 'Jan
> 5 16:48:00 dvsc1lx0037 polkitd(authority=local): Operator of
> unix-session:/org/freedesktop/ConsoleKit/Session2 FAILED to authenticate to
> gain authorization for action
> org.freedesktop.packagekit.system-network-proxy-configure for
> system-bus-name::1.38 [gpk-update-icon] (owned by unix-user:oracle)') '.
> Error: 'Duplicate entry '848-1' for key 'PRIMARY''.
> 2017/01/05 16:48:20 ossec-dbd(5209): INFO: Closing connection to database.
> 2017/01/05 16:48:20 ossec-dbd(5210): INFO: Attempting to reconnect to
> database.
> 2017/01/05 16:48:20 ossec-dbd: Connected to database 'ossec' at
> 'ppdc1lx0111'.
>
> I see the duplicate entry key error but am not sure how to fix it. Any
> suggestions would be helpful.
>
> Thanks,
> Sean
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscribe@xxxxxxxxxxxxxxxx.
> For more options, visit https://groups.google.com/d/optout.

--

---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscribe@xxxxxxxxxxxxxxxx.
For more options, visit https://groups.google.com/d/optout.



Programming list archiving by: Enterprise Git Hosting