Sending output to a Database

OSSEC supports MySQL and PostgreSQL database outputs.

Configuration options

These configuration options can be specified in the ossec.conf file of a server or local install.

database_output

hostname

IP Address of the database server.

Allowed: any valid IP address

username

Username to access the database.

Allowed: Any Valid Username

password

Password to access the database.

Allowed: Any Password

database

Database name to store the alerts.

Allowed: database name

type

Type of database (MySQL or PostgreSQL).

Note

OSSEC must be compiled with the database type that is to be used.

Allowed: mysql/postgresql

Enabling Database Support

You must have the MySQL or PostgreSQL client libraries installed on the OSSEC server. Typically something like:

Ubuntu
# apt install mysql-server libmysqld-dev
  or
# apt install postgresql libpq-dev

RedHat / CentOS
# yum install mysql-devel
  or
# yum install postgresql-devel

You then need to set the DATABASE environment variable and run the "./install.sh" script to compile OSSEC with the appropriate database support.

# DATABASE=mysql ./install.sh
  or
# DATABASE=pgsql ./install.sh

Enable Database output in the configuration

After installation is complete, database support needs to be enabled. The following command will enable the database daemon on the next restart.

# /var/ossec/bin/ossec-control enable database