Atomic Secure Linux

All times are UTC - 5 hours [ DST ]




 Post subject: ossec-dbd restarts every 5 minutes
Posted: Sat Jul 23, 2011 9:52 pm
New Forum User

Joined: Sat Jul 23, 2011 7:52 pm
Posts: 1
Location: US
narrowed it down in the log /var/ossec/logs/ossec.log

2011/07/24 09:41:13 ossec-dbd: Connected to database 'tortix' at '127.0.0.1'.
2011/07/24 09:41:13 ossec-dbd(5203): ERROR: Error executing query 'SELECT id from server where hostname = 'mysite.com''. Error: 'Table 'tortix.server' doesn't exist'.
2011/07/24 09:41:13 ossec-dbd(5209): INFO: Closing connection to database.
2011/07/24 09:41:13 ossec-dbd(5210): INFO: Attempting to reconnect to database.
2011/07/24 09:41:13 ossec-dbd: Connected to database 'tortix' at '127.0.0.1'.
2011/07/24 09:41:13 ossec-dbd(5203): ERROR: Error executing query 'INSERT INTO server(last_contact, version, hostname, information) VALUES ('1311493273', 'v2.6', 'mysite.com', 'Linux mysite.com 2.6.32.43-6.art.x86_64 #1 SMP Thu Jul 14 14:14:48 EDT 2011 x86_64 - OSSEC HIDS v2.6')'. Error: 'Table 'tortix.server' doesn't exist'.
2011/07/24 09:41:13 ossec-dbd(5209): INFO: Closing connection to database.
2011/07/24 09:41:13 ossec-dbd(5210): INFO: Attempting to reconnect to database.
2011/07/24 09:41:13 ossec-dbd: Connected to database 'tortix' at '127.0.0.1'.
2011/07/24 09:41:13 ossec-dbd(5204): ERROR: Database error. Unable to run query.
2011/07/24 09:41:13 ossec-dbd(5203): ERROR: Error executing query 'SELECT id FROM server WHERE hostname = 'mysite.com''. Error: 'Table 'tortix.server' doesn't exist'.
2011/07/24 09:41:13 ossec-dbd(5209): INFO: Closing connection to database.
2011/07/24 09:41:13 ossec-dbd(5210): INFO: Attempting to reconnect to database.
2011/07/24 09:41:13 ossec-dbd: Connected to database 'tortix' at '127.0.0.1'.
2011/07/24 09:41:13 ossec-dbd(1202): ERROR: Configuration error at '/var/ossec/etc/ossec.conf'. Exiting.
2011/07/24 09:41:13 ossec-execd: INFO: Adding offenders timeout: 1200 (for #1)
2011/07/24 09:41:13 ossec-execd: INFO: Adding offenders timeout: 2400 (for #2)
2011/07/24 09:41:13 ossec-execd: INFO: Adding offenders timeout: 4800 (for #3)

Seems that some tables are missing from the tortix database; not sure how that could have happened, though. Looking at the table structure, I see these tables:

mysql> show tables;
+---------------------------+
| Tables_in_tortix          |
+---------------------------+
| pgui_error_str            |
| pgui_hids_cat             |
| pgui_modules              |
| pgui_modules_groups       |
| pgui_modules_windows      |
| pgui_modules_windows_user |
| pgui_system_const         |
| pgui_system_events        |
| pgui_system_log           |
| pgui_system_var           |
| pgui_user                 |
| pgui_user_access          |
| pgui_user_group           |
| pgui_user_group_privs     |
| pgui_user_privs           |
| pgui_waf_cat              |
| pgui_waf_cat_rule_map     |
| pgui_waf_rules            |
+---------------------------+

any help would be greatly appreciated!


 
 Post subject: Re: ossec-dbd restarts every 5 minutes
Posted: Thu Jul 28, 2011 2:55 am
Forum User

Joined: Sat Jul 23, 2011 3:01 am
Posts: 7
Location: Canada
Did you happen to solve this? I believe our issues are related.


 
 Post subject: Re: ossec-dbd restarts every 5 minutes
Posted: Thu Jul 28, 2011 10:16 am
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7892
Location: earth
probably indicates a failed upgrade in that example, or the mysql database is corrupted


 
 Post subject: Re: ossec-dbd restarts every 5 minutes
Posted: Mon Aug 15, 2011 11:27 pm
Forum User

Joined: Thu May 15, 2008 3:12 pm
Posts: 7
same issue here


 
 Post subject: Re: ossec-dbd restarts every 5 minutes
Posted: Mon Aug 15, 2011 11:47 pm
Atomicorp Staff - Site Admin

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3626
Location: Chantilly, VA
That means something is wrong with your database: either something is wrong with mysql, or your database has been corrupted somehow. Check these log files for errors:

/var/log/mysql.log

/var/ossec/log/ossec.log

Also, please see the FAQ for troubleshooting database problems. Here are three common issues when either mysql has a corrupt database, or mysql is not configured correctly:

https://www.atomicorp.com/wiki/index.ph ... he_ASL_GUI

https://www.atomicorp.com/wiki/index.ph ... ne_away.27.

https://www.atomicorp.com/wiki/index.ph ... 7.0.0.1.27

The FAQ has lots of information on common (and not so common) errors and conditions. Please check the FAQ first, as it's very likely your specific issue is already documented, and a simple procedure to resolve this issue is already included:

https://www.atomicorp.com/wiki/index.php/ASL_FAQ

If you cannot find that issue, please post any errors you have in those two log files.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.
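
A triage sketch for the log check suggested in this thread, added here as an example and not part of the original posts or Atomicorp's tooling: it parses ossec.log lines in the format quoted in the first post and reports which tables ossec-dbd found missing, how often it tried to reconnect, and whether it exited. The sample log is constructed from the quoted lines, and the function and variable names are assumptions.

```python
import re
from collections import Counter

# Constructed sample, modelled on the ossec-dbd lines quoted in the first post.
SAMPLE_LOG = """\
2011/07/24 09:41:13 ossec-dbd: Connected to database 'tortix' at '127.0.0.1'.
2011/07/24 09:41:13 ossec-dbd(5203): ERROR: Error executing query 'SELECT id from server where hostname = 'mysite.com''. Error: 'Table 'tortix.server' doesn't exist'.
2011/07/24 09:41:13 ossec-dbd(5210): INFO: Attempting to reconnect to database.
2011/07/24 09:41:13 ossec-dbd(5204): ERROR: Database error. Unable to run query.
2011/07/24 09:41:13 ossec-dbd(1202): ERROR: Configuration error at '/var/ossec/etc/ossec.conf'. Exiting.
2011/07/24 09:41:13 ossec-execd: INFO: Adding offenders timeout: 1200 (for #1)
"""

# timestamp, daemon name, optional (code), optional LEVEL, then the message
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<daemon>[\w-]+)(?:\((?P<code>\d+)\))?: "
    r"(?:(?P<level>[A-Z]+): )?(?P<msg>.*)$"
)
MISSING_TABLE_RE = re.compile(
    r"Table '(?P<db>[^'.]+)\.(?P<table>[^']+)' doesn't exist"
)


def summarize_dbd(log_text):
    """Summarise ossec-dbd activity: error codes, missing tables, reconnects, exit."""
    summary = {"errors": Counter(), "missing_tables": set(),
               "reconnects": 0, "exited": False}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["daemon"] != "ossec-dbd":
            continue  # ignore other daemons and unparseable lines
        msg = m["msg"]
        if m["level"] == "ERROR":
            summary["errors"][m["code"]] += 1
            t = MISSING_TABLE_RE.search(msg)
            if t:
                summary["missing_tables"].add((t["db"], t["table"]))
            if msg.endswith("Exiting."):
                summary["exited"] = True
        elif "Attempting to reconnect" in msg:
            summary["reconnects"] += 1
    return summary


if __name__ == "__main__":
    print(summarize_dbd(SAMPLE_LOG))
```

Comparing the reported missing tables against the output of `show tables;` shows whether the schema ossec-dbd expects was ever created in that database.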


 