Ran into an issue with getting mySQL to work. Updated /var/ossec/etc/ossec.conf to include:

<database_output>
     <hostname>192.168.2.30</hostname>
     <username>ossecuser</username>
     <password>ossecpass</password>
     <database>ossec</database>
     <type>mysql</type>
</database_output>

As per http://ossec-docs.readthedocs.io/en/latest/manual/output/mysql-database-output.html. I ran:

# /var/ossec/bin/ossec-control enable database
# /var/ossec/bin/ossec-control restart

Then I got the error:

ERROR: OSSEC not compiled with support for ‘mysql’.

Looks like OSSEC needs to be recompiled. Since I need to recompile and I also wanted to add snort, I will be implementing on a clean Ubuntu install so I can get things the way I want. Thought the OSSEC image would give me a head start.

Leave a Reply

Your email address will not be published. Required fields are marked *