Sending output to a Database

OSSEC supports MySQL and PostgreSQL database outputs.

Configuration options

These configuration options can be specified in the ossec.conf file of a server or local install.

  • database_output

    • hostname

      IP Address of the database server.

      Allowed: any valid IP address

    • username

      Username to access the database.

      Allowed: Any Valid Username

    • password

      Password to access the database.

      Allowed: Any Password

    • database

      Database name to store the alerts.

      Allowed: database name

    • type

      Type of database (MySQL or PostgreSQL).

      Note

      OSSEC must be compiled with the database type that is to be used.

      Allowed: mysql/postgresql

Enabling Database Support

You must have the MySQL or PostgreSQL client libraries installed on the OSSEC server. Typically something like:

Ubuntu
# apt install mysql-server libmysqld-dev
  or
# apt install postgresql libpq-dev

RedHat / CentOS
# yum install mysql-devel
  or
# yum install postgresql-devel

You then need to set the DATABASE environment variable and run the “./install.sh” script, to compile OSSEC with the appropriate database support.

If OSSEC was previously compiled without database support, the files created during the previous build should be removed from the src directory.

# cd src
# make clean

Once the old files have been removed, the installation can be performed.

# DATABASE=mysql ./install.sh
  or
# DATABASE=pgsql ./install.sh

Enable Database output in the configuration

After installation is complete, database support needs to be enabled. The following command will enable the database daemon on the next restart.

# /var/ossec/bin/ossec-control enable database

Database Specific Setup