OSSEC supports MySQL and PostgreSQL database outputs.
These configuration options can be specified in the ossec.conf file of a server or local install.
database_output
hostname
IP address of the database server.
Allowed: any valid IP address
username
Username to access the database.
Allowed: any valid username
password
Password to access the database.
Allowed: any password
database
Database name to store the alerts.
Allowed: database name
type
Type of database (MySQL or PostgreSQL).
Note
OSSEC must be compiled with the database type that is to be used.
Allowed: mysql/postgresql
You must have the MySQL or PostgreSQL client libraries installed on the OSSEC server. Typically something like:
Ubuntu
# apt install mysql-server libmysqld-dev
or
# apt install postgresql libpq-dev
RedHat / CentOS
# yum install mysql-devel
or
# yum install postgresql-devel
You then need to set the DATABASE environment variable and run the "./install.sh" script to compile OSSEC with the appropriate database support.
# DATABASE=mysql ./install.sh
or
# DATABASE=pgsql ./install.sh
After installation is complete, database support needs to be enabled. The following command will enable the database daemon on the next restart.
# /var/ossec/bin/ossec-control enable database