Configuring PgSQL

Database Setup

Create a user for OSSEC within PgSQL

$ sudo -u postgres createuser -D -A -P ossec_user
Enter password for new role:
Enter it again:
Shall the new role be allowed to create more new roles? (y/n) n
CREATE ROLE

Create a database for OSSEC

$ sudo -u postgres createdb -O ossec_user ossecdb
CREATE DATABASE

Create the necessary tables from the PostgreSQL schema located in the src/os_dbd directory of the distribution.

$ psql -h 127.0.0.1 -U ossec_user -d ossecdb -f postgresql.schema

OSSEC Setup

In order for ossec to output alerts and other data into the database the /var/ossec/etc/ossec.conf will need to be updated and a <database_output> section will need to be added.

<ossec_config>
    <database_output>
        <hostname>192.168.2.30</hostname>
        <username>ossecuser</username>
        <password>ossecpass</password>
        <database>ossec</database>
        <type>postgresql</type>
    </database_output>
</ossec_config>

The values will need to be corrected for your installation’s hostname, postgresql user, password, and database.

Complete PgSQL Output

All that is left is to enable the database daemon and restart ossec for the changes to take effect.

# /var/ossec/bin/ossec-control enable database
# /var/ossec/bin/ossec-control restart

Table Of Contents

Previous topic

Configuring MySQL

Next topic

Daily E-Mail Reports