ERROR DB MySQL

[Николай Коротыгин]

Hello!!!

My initial data:

1) GNU/Linux Debian 11 (5.10.0-21-amd64 #1 SMP Debian 5.10.162-1 x86_64)

2) WAZUH MANAGER v4.3.10

3) MySQL 8.0.32 for Linux on x86_64 (Server)

4) Installing the Wazuh manager from sources + Configuring database output (MuSQL)

Server config attached

Of all the actions, I did not perform only in paragraph 4 the actions related to make.(make -C src clean # make -C src clean-deps) it's not clear how it works. if you execute it before starting the script, the dependencies are downloaded anyway. if after then what's the point

I am attaching the error log file. And the command (output) I am attaching the error log file. And the command (output) ERROR

[Pablo Ariel Gonzalez]

Hi Nikolaykorotygin,

   Let's see if we can help you with this problem. First of all, I understand that you have installed wazuh manager from the source following the documentation, this has been completed correctly?
Then I understand that you have tried to configure the event forwarding to MySQL, please confirm if you have followed the steps described in the official documentation to configure the MySQL database.

Thanks,

[Николай Коротыгин]

Hi,  I did everything according to the instructions from the installation from source

1)except for: if you execute it before running the script, then the dependencies are re-downloaded, if you do it after, then it's not clear why this is needed

cd wazuh-4.3.10 

# make -C src clean 

# make -C src clean-deps

2)MySQL setup as in the instructions, I attach an example

3)The mysql.schema file is located on the path attached below, not as indicated in the instructions

воскресенье, 5 февраля 2023 г. в 22:05:00 UTC+3, pablo.g...@wazuh.com:

[Николай Коротыгин]

Good evening everyone!!!

When doing the action       ""     echo "deb-src http://archive.ubuntu.com/ubuntu $(lsb_release -cs) main" >> /etc/apt/sources.list      ""

then writes the following:    404 Not Found [IP: 91.189.91.39 80]

                                                 E: Repository "http://archive.ubuntu.com/ubuntu ..." does not contain Release.

                                                 N: Updates from this repository cannot be done securely, so it is disabled by default.

                                                 N: See the apt-secure(8) man page for information about creating a repository and user settings.

                                                                    I have OS Debian 11

http://archive.debian.org/???

понедельник, 6 февраля 2023 г. в 20:12:34 UTC+3, Николай Коротыгин:

[Pablo Ariel Gonzalez]

Hi Nikolaykorotygin, sorry for the delay in replying. I understand from what you say that you have not yet completed the installation of Wazuh. Let's do this and then we will analyze the problem in MySQL.

Regarding your question of step 2 in the section installing the wazuh manager of the documentation, it is correct what you indicate, in the case of Debian that command will not work that way. However, if you have deb-src repositories enabled you can run the command without including any external repositories. I have verified it in Debian 11 and with the following source.list it works correctly.

source.list:

deb http://deb.debian.org/debian bullseye main
deb-src http://deb.debian.org/debian bullseye main
deb http://deb.debian.org/debian-security bullseye-security main
deb-src http://deb.debian.org/debian-security bullseye-security main
deb http://deb.debian.org/debian bullseye-updates main
deb-src http://deb.debian.org/debian bullseye-updates main

Please run these steps and let's check that the agent has started correctly.

Thanks,

[Николай Коротыгин]

Good afternoon

Read the dialogue above. Thank you!

Wazuh installed from sources 

(following steps 

                           1.  echo "deb-src http://archive.ubuntu.com/ubuntu $(lsb_release -cs) main" >> /etc/apt/sources.list : no repository exists) for Debian (installed Python from Debian repositories) 

                           2. cd wazuh-4.3.10 make -C src clean make -C src clean-deps : removes and then installs again when the script is run, it's not clear why????? ) Wazuh (server)

                                                         Manager is in ACTIVE state.  

Database is not populated in osseg.log ERROR ?????????????????????????????????????????

file attached 

 Please hear me

пятница, 10 февраля 2023 г. в 07:03:48 UTC+3, Pablo Ariel Gonzalez:

[Николай Коротыгин]

Good afternoon
is it related somehow?

https://github.com/wazuh/wazuh/issues/14081

вт, 14 февр. 2023 г., 22:40 Николай Коротыгин <nikolayk...@gmail.com>:

--
You received this message because you are subscribed to a topic in the Google Groups "Wazuh mailing list" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/wazuh/vdOO6OobEyw/unsubscribe.
To unsubscribe from this group and all its topics, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/ffbcd9aa-b8ab-4644-b601-506730f52f02n%40googlegroups.com.

[Pablo Ariel Gonzalez]

Hi Nikolaykorotygin, correct. 

What I said before was to solve the incorrect configuration of the documentation for Debian. Anyway, going back to your initial query, it is correct what you indicate as it seems your error is at least similar to the one indicated in the issue. I will consult internally on how we can solve it and I will share the information with you later.

Thanks,

[Pablo Ariel Gonzalez]

Hi Nikolaykorotygin,

Sorry for the delay in replying. Unfortunately, we do not yet have a workaround for this problem. We are working to resolve it in a future release. For this we are working on a new parsing engine, you can follow its progress through the following issue.

Anyway, you can leave a comment on the issue mentioned above or generate a new one so that we can consider this need when we move forward with the new releases.

Thanks,