Sending output to a Database

OSSEC supports MySQL and PostgreSQL database outputs.

Configuration options

These configuration options can be specified in the ossec.conf file of a server or local install.

Enabling Database Support

You must have the MySQL or PgSQL client libraries installed on the OSSEC server. Typically this means installing packages such as the following:

Ubuntu
# apt install mysql-server libmysqld-dev
  or
# apt install postgresql libpq-dev

RedHat / CentOS
# yum install mysql-devel
  or
# yum install postgresql-devel

You then need to set the DATABASE environment variable and run the “./install.sh” script, to compile OSSEC with the appropriate database support.

If OSSEC was previously compiled without database support, the files created during the previous build should be removed from the src directory.

# cd src
# make clean

Once the old files have been removed, the installation can be performed.

# DATABASE=mysql ./install.sh
  or
# DATABASE=pgsql ./install.sh

Enable Database output in the configuration

After installation is complete, database support needs to be enabled. The following command will enable the database daemon on the next restart.

# /var/ossec/bin/ossec-control enable database
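
A pre-flight check for the build steps above, as an added example that is not part of the OSSEC documentation or code base: it validates the DATABASE value, confirms the matching client library is present, and flags old build output that needs "make clean". The function names are hypothetical, and it assumes the client development packages put mysql_config or pg_config on PATH and that earlier builds leave .o or .a files under src.

```shell
#!/bin/sh
# Added example: pre-flight check before "DATABASE=<type> ./install.sh".
# Assumption: the client development packages put mysql_config / pg_config on PATH.

# Map a DATABASE value from the page to the helper tool its dev package ships.
db_helper() {
    case "$1" in
        mysql) echo mysql_config ;;
        pgsql) echo pg_config ;;
        *)     return 1 ;;
    esac
}

# Return codes: 0 ready, 2 unknown DATABASE value, 3 client library missing,
# 4 old build output in src (run "make clean" first).
ossec_db_preflight() {
    db=$1
    src=${2:-src}
    helper=$(db_helper "$db") || { echo "unknown DATABASE value: $db" >&2; return 2; }
    if ! command -v "$helper" >/dev/null 2>&1; then
        echo "$helper not found: install the $db client development package" >&2
        return 3
    fi
    # Heuristic (assumption): leftover .o/.a files mean an earlier build exists.
    if [ -d "$src" ] && [ -n "$(find "$src" -type f \( -name '*.o' -o -name '*.a' \) -print 2>/dev/null | head -n 1)" ]; then
        echo "old build output in $src: run 'make clean' there first" >&2
        return 4
    fi
    echo "ready: DATABASE=$db ./install.sh"
    return 0
}
```

Run it from the top of the OSSEC source tree, for example `ossec_db_preflight mysql src`, and proceed with the install only when it returns 0.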