
No events in the DB after updating to 5.6.6


New Life Form
So, I was waiting for 5.6.6 to fix the issues of 5.6, but it's only getting worse.

After upgrading from 5.6 to 5.6.6, SIEM events stop populating into the DB.
Logs are still coming into /var/log/alienvault/devices/ and OSSEC alerts are also in place.
Seems like the server cannot either parse logs or put events into the database.
The strange part here is that I also have an external OSSIM sensor (also 5.6.6) which forwards events to OSSIM, and its events are present in the DB and GUI.
Troubleshooting attempts:

The directory /var/log/alienvault/agent/ is empty.
There are errors in the server.log file:
# tail /var/log/alienvault/server/server.log
Query: INSERT IGNORE INTO (event_id, filename, username, password, userdata1, userdata2, userdata3, userdata4, userdata5, userdata6, userdata7, userdata8, userdata9, data_payload, binary_data)extra_data error: Unknown column 'event_id' in 'field list'  

Any help is much appreciated. 



  • So, I'm a little bit disappointed in the community. 
    Steps to troubleshoot and fix:

    # /usr/bin/ossim-agent -d -f

    ParserUtil [INFO]: [custom_date_formats] Successfully loaded from "/etc/ossim/agent/plugins/date_config/date_formats.json"
    2018-12-03 14:54:31,747 ParserUtil [WARNING]: Deleting corrupt file host_cache_pro.dic
    Traceback (most recent call last):
      File "/usr/bin/ossim-agent", line 41, in <module>
        agent = Agent()
      File "/usr/share/alienvault/ossim-agent/Agent.py", line 95, in __init__
      File "/usr/share/alienvault/ossim-agent/ParserUtil.py", line 1131, in loadHostCache
    OSError: [Errno 2] No such file or directory: '/etc/ossim/agent/host_cache_pro.dic'

    There's no such file - /etc/ossim/agent/host_cache_pro.dic
    So - cp /etc/ossim/agent/host_cache.dic /etc/ossim/agent/host_cache_pro.dic
    and start the agent: ossim-agent -d -f

    Check that the agent starts working:
    # tail /var/log/alienvault/agent/agent.log


