From OSSEC Wiki
How to Setup Database Output
OSSEC supports MySQL and PostgreSQL database outputs.
Enabling Database support
- Before you run the "./install.sh" script, execute the following:
$ cd ossec-hids-1.6
$ cd src; make setdb; cd ..
$ ./install.sh
- AFTER the install is completed, run:
$ /var/ossec/bin/ossec-control enable database
Configuring MySQL
Create the database and a dedicated user, then load the OSSEC schema:
# mysql -u root -p
mysql> create database ossec;
mysql> grant INSERT,SELECT,UPDATE,CREATE,DELETE,EXECUTE on ossec.* to ossecuser@<ossec ip>;
Query OK, 0 rows affected (0.00 sec)
mysql> set password for ossecuser@<ossec ip>=PASSWORD('ossecpass');
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> quit
# mysql -u root -p ossec < /path/to/ossec-hids-major.minor/src/os_dbd/mysql.schema
Configure OSSEC to forward the alerts to MySQL
Edit /var/ossec/etc/ossec.conf
- In this example, we are forwarding to 192.168.2.30, using ossecuser as the user.
<ossec_config>
<database_output>
<hostname>192.168.2.30</hostname>
<username>ossecuser</username>
<password>ossecpass</password>
<database>ossec</database>
<type>mysql</type>
</database_output>
</ossec_config>
Configuring PostgreSQL
Create a user for OSSEC
$ sudo -u postgres createuser -D -A -P ossec_user
Enter password for new role:
Enter it again:
Shall the new role be allowed to create more new roles? (y/n) n
CREATE ROLE
Create a database for OSSEC
$ sudo -u postgres createdb -O ossec_user ossecdb
CREATE DATABASE
Create the necessary tables from the PostgreSQL schema
$ psql -h 127.0.0.1 -U ossec_user -d ossecdb -f /path/to/ossec-hids-major.minor/src/os_dbd/postgresql.schema
Configure OSSEC to forward the alerts to PostgreSQL
- In this example, we are forwarding to 192.168.2.99, using ossec_user as the user.
<ossec_config>
<database_output>
<hostname>192.168.2.99</hostname>
<username>ossec_user</username>
<password>xyz123</password>
<database>ossecdb</database>
<type>postgresql</type>
</database_output>
</ossec_config>
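Both the MySQL and the PostgreSQL sections above end with the same <database_output> block, and a typo there (an unsupported <type>, an empty <password>, a hostname with stray whitespace) only shows up when ossec-dbd fails to connect. The following script is an added example, not part of the OSSEC wiki or the OSSEC code base: it parses an ossec.conf, finds every <database_output> block and reports the problems a practitioner would want to catch before restarting. The sample config embedded in it is constructed from the two blocks on this page; the element names and the two supported type values are the ones the page uses.

```python
"""Validate <database_output> blocks in an OSSEC ossec.conf.

Added example (not OSSEC's own code). It checks the five elements the
wiki page uses (hostname, username, password, database, type) and that
<type> is one of the two outputs OSSEC supports: mysql or postgresql.
"""
import ipaddress
import re
import xml.etree.ElementTree as ET

REQUIRED = ("hostname", "username", "password", "database", "type")
SUPPORTED_TYPES = {"mysql", "postgresql"}
# RFC 1123 style hostname: dot-separated labels of letters, digits, hyphens.
HOSTNAME_RE = re.compile(
    r"^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$"
)

# Constructed sample: the MySQL and PostgreSQL blocks from the page, joined
# the way a real ossec.conf may carry several <ossec_config> sections.
SAMPLE_CONF = """<ossec_config>
<database_output>
<hostname>192.168.2.30</hostname>
<username>ossecuser</username>
<password>ossecpass</password>
<database>ossec</database>
<type>mysql</type>
</database_output>
</ossec_config>
<ossec_config>
<database_output>
<hostname>192.168.2.99</hostname>
<username>ossec_user</username>
<password>xyz123</password>
<database>ossecdb</database>
<type>postgresql</type>
</database_output>
</ossec_config>
"""


def parse_blocks(conf_text):
    """Return every <database_output> element in the config text.

    ossec.conf may hold several top-level <ossec_config> elements, which is
    not well-formed XML on its own, so wrap the text in a synthetic root.
    """
    root = ET.fromstring("<root>" + conf_text + "</root>")
    return root.findall("./ossec_config/database_output")


def check_block(block):
    """Return a list of findings for one block; an empty list means ok."""
    findings = []
    values = {}
    for name in REQUIRED:
        text = (block.findtext(name) or "").strip()
        if not text:
            findings.append(f"missing or empty <{name}>")
        else:
            values[name] = text
    if "type" in values and values["type"] not in SUPPORTED_TYPES:
        findings.append(
            f"unsupported <type> {values['type']!r}; expected mysql or postgresql"
        )
    host = values.get("hostname")
    if host:
        try:
            ipaddress.ip_address(host)  # plain IPv4/IPv6 literal is fine
        except ValueError:
            if not HOSTNAME_RE.match(host):
                findings.append(f"<hostname> {host!r} is not an IP or hostname")
    return findings


def validate(conf_text):
    """Map each block's (type, hostname) pair to its list of findings."""
    blocks = parse_blocks(conf_text)
    if not blocks:
        return {"(none)": ["no <database_output> block found"]}
    report = {}
    for block in blocks:
        key = (
            (block.findtext("type") or "?").strip(),
            (block.findtext("hostname") or "?").strip(),
        )
        report[key] = check_block(block)
    return report


if __name__ == "__main__":
    for (dbtype, host), findings in validate(SAMPLE_CONF).items():
        print(f"{dbtype}@{host}: {'ok' if not findings else '; '.join(findings)}")
```

Run it against the real file with `validate(open("/var/ossec/etc/ossec.conf").read())`; an empty findings list for a block means the five elements are present and the type is one ossec-dbd understands, nothing more. It does not test the connection or the grants, which is what `ossec-control enable database` followed by a restart will exercise.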
