Sending output to a Database

OSSEC supports MySQL and PostgreSQL database outputs.

Configuration options

These configuration options can be specified in the ossec.conf file of a server or local install.

database_output
hostname

IP Address of the database server.

Allowed: any valid IP address

username

Username to access the database.

Allowed: any valid username

password

Password to access the database.

Allowed: any password

database

Database name to store the alerts.

Allowed: database name

type

Type of database (MySQL or PostgreSQL).

Note

OSSEC must be compiled with the database type that is to be used.

Allowed: mysql/postgresql
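
The following check is an added example, not part of the OSSEC documentation: it parses ossec.conf text and reports any database_output block that lacks one of the five options above or uses a value outside the "Allowed" lists. It assumes the options are written as child elements of a database_output element inside ossec_config; the function name and all sample values are constructed placeholders.

```python
import ipaddress
import xml.etree.ElementTree as ET

REQUIRED = ("hostname", "username", "password", "database", "type")
ALLOWED_TYPES = {"mysql", "postgresql"}

# Constructed sample ossec.conf fragment; every value is a placeholder.
SAMPLE_CONF = """
<ossec_config>
  <database_output>
    <hostname>192.0.2.10</hostname>
    <username>ossec_alerts</username>
    <password>CHANGE_ME</password>
    <database>ossec</database>
    <type>mysql</type>
  </database_output>
</ossec_config>
"""

def check_database_output(conf_text):
    """Return a list of problems found in the <database_output> blocks."""
    # Assumption: the file has no XML declaration. It may hold several
    # <ossec_config> sections, so wrap it in a dummy root to get one tree.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    blocks = root.findall(".//database_output")
    if not blocks:
        return ["no <database_output> block found"]
    problems = []
    for n, block in enumerate(blocks, 1):
        values = {}
        for name in REQUIRED:
            text = (block.findtext(name) or "").strip()
            if text:
                values[name] = text
            else:
                problems.append(f"block {n}: <{name}> is missing or empty")
        if "hostname" in values:
            try:
                ipaddress.ip_address(values["hostname"])
            except ValueError:
                problems.append(f"block {n}: hostname is not a valid IP address")
        if "type" in values and values["type"] not in ALLOWED_TYPES:
            problems.append(f"block {n}: type must be mysql or postgresql")
    return problems

if __name__ == "__main__":
    for line in check_database_output(SAMPLE_CONF) or ["database_output looks complete"]:
        print(line)
```

Because the database password sits in ossec.conf in clear text, the file's ownership and mode are worth reviewing alongside this check.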

Enabling Database Support

Note

You must have the MySQL or PgSQL Client libraries installed on the OSSEC server.

Before you run the "./install.sh" script, execute the following to compile OSSEC with database support.

# cd ossec-hids-*
# cd src; make setdb; cd ..
# ./install.sh

Enable Database output in the configuration

After installation is complete, database support needs to be enabled. The following command will enable the database daemon on the next restart.

# /var/ossec/bin/ossec-control enable database