Configuring PgSQL

Database Setup

Create a user for OSSEC within PgSQL

$ sudo -u postgres createuser -D -A -P ossec_user
Enter password for new role:
Enter it again:
Shall the new role be allowed to create more new roles? (y/n) n

Create a database for OSSEC

$ sudo -u postgres createdb -O ossec_user ossecdb

Create the necessary tables from the PostgreSQL schema located in the src/os_dbd directory of the distribution.

$ psql -h <hostname> -U ossec_user -d ossecdb -f postgresql.schema


For OSSEC to write alerts and other data to the database, /var/ossec/etc/ossec.conf must be updated with a <database_output> section.
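
A <database_output> section matching the user and database created above, as an added example that is not part of the original page. The hostname and password values are placeholders to replace with your own.

```xml
<!-- Added example: place inside <ossec_config> in /var/ossec/etc/ossec.conf. -->
<!-- The password is stored in cleartext, so keep ossec.conf unreadable to unprivileged users. -->
<database_output>
  <hostname>DB_HOST_PLACEHOLDER</hostname>    <!-- placeholder: address of the PostgreSQL server -->
  <username>ossec_user</username>             <!-- role created with createuser above -->
  <password>PASSWORD_PLACEHOLDER</password>   <!-- placeholder: password entered at the createuser prompt -->
  <database>ossecdb</database>                <!-- database created with createdb above -->
  <type>postgresql</type>
</database_output>
```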


The values will need to be corrected for your installation’s hostname, PostgreSQL user, password, and database.

Complete PgSQL Output

All that is left is to enable the database daemon and restart OSSEC for the changes to take effect.

# /var/ossec/bin/ossec-control enable database
# /var/ossec/bin/ossec-control restart