Atomic Secure Linux

All times are UTC - 5 hours [ DST ]




 Post subject: Ossec restarting every 3 min
Posted: Tue Jun 26, 2012 7:19 am
Forum Regular

Joined: Thu May 07, 2009 12:46 pm
Posts: 220
Hello,


After upgrading ossec-hids I got a problem with ossec:


Code:
2012/06/26 13:08:06 ossec-dbd: Connected to database 'tortix' at '127.0.0.1'.
2012/06/26 13:08:06 ossec-dbd: Unable to insert location: 'xxxx->netstat -nltp  | grep LISTEN | egrep -v "127.0.0.1|\[1-9][1-9][1-9][1-9].*ftp"  | awk '{print $1"\t"$4"\t"$5"\t"$6}''.
2012/06/26 13:08:11 ossec-dbd(5203): ERROR: Error executing query 'SELECT id FROM location WHERE name = 'xxxxx->netstat -nltp  | grep LISTEN | egrep -v "127.0.0.1|\[1-9][1-9][1-9][1-9].*ftp"  | awk '{print $1"\t"$4"\t"$5"\t"$6}'' AND server_id = '2' LIMIT 1'. Error: 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '{print $1"\t"$4"\t"$5"\t"$6}'' AND server_id = '2' LIMIT 1' at line 1'.
2012/06/26 13:08:11 ossec-dbd(5209): INFO: Closing connection to database.
2012/06/26 13:08:11 ossec-dbd(5210): INFO: Attempting to reconnect to database.
2012/06/26 13:08:11 ossec-dbd: Connected to database 'tortix' at '127.0.0.1'.
2012/06/26 13:08:11 ossec-dbd(5203): ERROR: Error executing query 'INSERT INTO location(server_id, name) VALUES ('2', 'xxxxxx->netstat -nltp  | grep LISTEN | egrep -v "127.0.0.1|\[1-9][1-9][1-9][1-9].*ftp"  | awk '{print $1"\t"$4"\t"$5"\t"$6}'')'. Error: 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '{print $1"\t"$4"\t"$5"\t"$6}'')' at line 1'.
2012/06/26 13:08:11 ossec-dbd(5209): INFO: Closing connection to database.
2012/06/26 13:08:11 ossec-dbd(5210): INFO: Attempting to reconnect to database.
2012/06/26 13:08:11 ossec-dbd: Connected to database 'tortix' at '127.0.0.1'.
2012/06/26 13:08:11 ossec-dbd(5204): ERROR: Database error. Unable to run query.
2012/06/26 13:08:11 ossec-dbd(5203): ERROR: Error executing query 'SELECT id FROM location WHERE name = 'xxxxx->netstat -nltp  | grep LISTEN | egrep -v "127.0.0.1|\[1-9][1-9][1-9][1-9].*ftp"  | awk '{print $1"\t"$4"\t"$5"\t"$6}'' AND server_id = '2' LIMIT 1'. Error: 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '{print $1"\t"$4"\t"$5"\t"$6}'' AND server_id = '2' LIMIT 1' at line 1'.
2012/06/26 13:08:11 ossec-dbd(5208): ERROR: Multiple database errors. Exiting.
2012/06/26 13:08:46 ossec-monitord(1225): INFO: SIGNAL Received. Exit Cleaning...
2012/06/26 13:08:46 ossec-logcollector(1225): INFO: SIGNAL Received. Exit Cleaning...
2012/06/26 13:08:47 ossec-syscheckd(1225): INFO: SIGNAL Received. Exit Cleaning...
2012/06/26 13:08:47 ossec-analysisd(1225): INFO: SIGNAL Received. Exit Cleaning...
2012/06/26 13:08:47 ossec-execd(1314): INFO: Shutdown received. Deleting responses.
2012/06/26 13:08:47 ossec-execd(1225): INFO: SIGNAL Received. Exit Cleaning...
2012/06/26 13:08:57 ossec-dbd: Connected to database 'tortix' at '127.0.0.1'.
2012/06/26 13:08:57 ossec-maild: INFO: E-Mail notification disabled. Clean Exit.
2012/06/26 13:08:57 ossec-execd: INFO: Adding offenders timeout: 20 (for #1)
2012/06/26 13:08:57 ossec-execd: INFO: Adding offenders timeout: 40 (for #2)
2012/06/26 13:08:57 ossec-execd: INFO: Adding offenders timeout: 80 (for #3)
2012/06/26 13:08:57 ossec-execd: INFO: Started (pid: 1343).



Does somebody know what is happening?

ossec version is ossec-hids-2.6-14.el5.art
asl version ASL Version 3.0.26: CentOS 5 (SUPPORTED)


asl -s -f didn't help



Thanks in advance


Last edited by DarkF@der on Tue Jun 26, 2012 8:56 am, edited 2 times in total.
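
Added example, not part of the original thread and not OSSEC's own code: the MySQL errors in the log above stop right after the single quote that opens the awk program, which shows the location name being pasted into the query text so that its quote ends the SQL string literal early. The sketch reproduces that failure and the bound-parameter form that stores the same name intact; Python's sqlite3 stands in for MySQL (an assumption), the function names are hypothetical, and the table and column names are taken from the logged queries.

```python
import sqlite3

# Constructed sample shaped like the location name in the log above
# (agent name kept as the poster's "xxxx" placeholder).
LOCATION = (
    r'''xxxx->netstat -nltp  | grep LISTEN | egrep -v "127.0.0.1|\[1-9][1-9][1-9][1-9].*ftp"'''
    r"""  | awk '{print $1"\t"$4"\t"$5"\t"$6}'"""
)

def open_db():
    """In-memory stand-in for the 'location' table seen in the logged queries."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE location (id INTEGER PRIMARY KEY, server_id INTEGER, name TEXT)")
    return db

def lookup_concatenated(db, server_id, name):
    """Build the SELECT by string concatenation, the shape visible in the log."""
    query = ("SELECT id FROM location WHERE name = '" + name +
             "' AND server_id = '" + str(server_id) + "' LIMIT 1")
    try:
        return ("ok", db.execute(query).fetchone())
    except sqlite3.Error as exc:
        # The quote before {print ...} closed the literal; the rest is not SQL.
        return ("error", str(exc))

def insert_parameterized(db, server_id, name):
    """Same INSERT with bound parameters: the name travels as data, not SQL text."""
    cur = db.execute("INSERT INTO location(server_id, name) VALUES (?, ?)",
                     (server_id, name))
    return cur.lastrowid

def lookup_parameterized(db, server_id, name):
    row = db.execute("SELECT id FROM location WHERE name = ? AND server_id = ? LIMIT 1",
                     (name, server_id)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = open_db()
    print("concatenated, quoted name:", lookup_concatenated(db, 2, LOCATION))
    print("concatenated, plain name: ", lookup_concatenated(db, 2, "/var/log/messages"))
    rid = insert_parameterized(db, 2, LOCATION)
    print("parameterized insert id:  ", rid)
    print("parameterized lookup id:  ", lookup_parameterized(db, 2, LOCATION))
```
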

 
 Post subject: Re: Ossec restarting every 3 min
Posted: Tue Jun 26, 2012 8:49 am
Forum Regular

Joined: Tue Jul 15, 2008 2:38 pm
Posts: 715
Location: Sweden
Same error here...


 
 Post subject: Re: Ossec restarting every 3 min
Posted: Tue Jun 26, 2012 10:54 am
Forum Regular

Joined: Thu May 07, 2009 12:46 pm
Posts: 220
The new update seems to have fixed it...


 
 Post subject: Re: Ossec restarting every 3 min
Posted: Tue Jun 26, 2012 1:10 pm
Atomicorp Staff - Site Admin

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3264
Location: Chantilly, VA
26-3 fixes this. If you aren't sure if you are running it, run these commands as root to upgrade:

yum clean all

yum -y upgrade asl asl-web gradm ossec-hids asl-waf-module

asl -s -f

asl -u

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


 
 Post subject: Re: Ossec restarting every 3 min
Posted: Tue Jun 26, 2012 2:14 pm
Forum Regular

Joined: Tue Jul 15, 2008 2:38 pm
Posts: 715
Location: Sweden
Updated. No errors so far...

