wazuh-db ERROR DB & ossec-analysisd ERROR dbsync

2,633 views
Skip to first unread message

Humbert Gast

unread,
Jan 22, 2021, 2:38:31 AM1/22/21
to Wazuh mailing list
Dear all,

Since some times I get some error on wazuh app log and I didn't find anything to resolve this.

2021-01-22T07:34:53+00:00 wazuh-db ERROR DB(157) sqlite3_prepare_v2() stmt(68): no such table: fim_entry 

2021-01-22T07:34:53+00:00 ossec-analysisd ERROR dbsync: Bad response from database: Cannot perform range checksum

2021-01-22T07:34:50+00:00 wazuh-db ERROR DB(158) sqlite3_prepare_v2() stmt(68): no such table: fim_entry

2021-01-22T07:34:50+00:00 ossec-analysisd ERROR dbsync: Bad response from database: Cannot perform range checksum  

Could someone help me to resolve please?

Regards,
Alex

mauro.e...@wazuh.com

unread,
Jan 22, 2021, 5:52:22 AM1/22/21
to Wazuh mailing list
Hi Alex,

It looks like the central DB for some of your agents has been corrupted and don't have the fim_entry table in them. Could you provide a little more context on your environment? What versions are your manager and agents and what OS do they run on? Have you upgraded your manager lately? You might need to remove the affected DBs and let the manager rebuild them, but lets see if we can find the source of the problem first.

Best regards,
Mauro.

Humbert Gast

unread,
Jan 22, 2021, 6:27:50 AM1/22/21
to Wazuh mailing list
Hi Mauro,

Thanks a lot for you reply and sorry I have do some step to resolve and it's works.


Delete all DB files
systemctl stop wazuh-manager
rm -rf /var/ossec/queue/db/*
rm -rf /var/ossec/var/db/*

Enable Wazuh repo,  reinstall Wazuh-manager and disable Wazuh repo
vim /etc/yum.repos.d/wazuh.repo
yum reinstall wazuh-manager
vim /etc/yum.repos.d/wazuh.repo  
systemctl start wazuh-manager  

After all seems good :)
2021-01-22T10:54:46+00:00 wazuh-db INFO  Started (pid: 193628).
2021-01-22T10:50:57+00:00 wazuh-db INFO  (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...


Can I find some information for you on logs to find the source of the problem ?
I'm on 4.0.4.1 not in cluster (wazuh and ELK on same server too)
I think the problem after multiple upgrade  (1rst Install on 2016 or 2017 but I don't remember wich version of wazuh) and I think error appear few weeks ago with the upgrade on the 4.0 version.

Regards,
Alex

mauro.e...@wazuh.com

unread,
Jan 22, 2021, 6:46:04 AM1/22/21
to Wazuh mailing list
Hi Alex,

Glad to hear it's working now.

The most likely cause for this error would have been an upgrade on the DBs that went wrong, if you have any way of getting the version that was installed on the manager prior to upgrading that would be great (maybe it was the same as an agent that you haven't upgraded yet?), or maybe if you have the ossec.log file from the day you upgraded the manager somewhere. If not then I don't think there is much else to do.

Best regards,
Mauro

Humbert Gast

unread,
Jan 22, 2021, 9:37:30 AM1/22/21
to Wazuh mailing list
Hi, 
I always upgrade all on each version :) so I think we upgrade from last 3.x to 4.0.

Regards,
Alex
Reply all
Reply to author
Forward
0 new messages