Hello,
Could anyone please tell me if it is possible to set up ossec on a MySQL database on a non-standard port? I have been trying for two days but all my attempts have failed so far. When I put the following in ossec-hids/etc/ossec.conf:
Code:
<database_output>
  <hostname>192.168.1.130:1226</hostname>
  <username>ossec</username>
  <password>MySQLPassword</password>
  <database>ossec</database>
  <type>mysql</type>
</database_output>
I get the error below in the /ossec-hids/logs/ossec.log
Code:
2014/11/25 08:57:00 ossec-dbd(5202): ERROR: Error connecting to database '192.168.1.130:1226'(ossec): ERROR: Unknown MySQL server host '192.168.1.130:1226' (0).
/usr/local/ossec-hids/bin/ossec-control status
returns:
Code:
ossec-monitord is running...
ossec-logcollector is running...
ossec-remoted is running...
ossec-syscheckd is running...
ossec-analysisd is running...
ossec-maild is running...
ossec-execd is running...
ossec-dbd not running...
If I remove the port number from the setting above, then the error message goes away but nothing hits the OSSEC database.
select user,host from mysql.user;
Code:
+---------------+--------------------+
| user          | host               |
+---------------+--------------------+
| ossec         | 192.168.1.125      |
| ossec         | 192.168.1.185      |
+---------------+--------------------+
Just to clarify, I have 3 jails inside my FreeBSD host.
FreeBSD_Host is 192.168.1.185
MySQL_Jail is 192.168.1.130
Apache_Jail is 192.168.1.125
The ossec server is installed on the FreeBSD host as it's easier to integrate with the PF firewall and the agents are on all the jails.
Here is the proof that the database is working ok:
Code:
root@FreeBSD_Host ~# mysql -h 192.168.1.130 -P1226 -u ossec -p ossec
Enter password:
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.6.21-log Source distribution
Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show tables;
+----------------------------+
| Tables_in_ossec            |
+----------------------------+
| agent                      |
| alert                      |
| category                   |
| data                       |
| location                   |
| server                     |
| signature                  |
| signature_category_mapping |
+----------------------------+
8 rows in set (0.00 sec)
Could anyone help me please?
Thank you,
Fred
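The ossec-dbd error in the post reports the entire `hostname` value, port included, as the server host it could not resolve. The following is an added example, not part of the original post and not OSSEC code: a small check that parses `<database_output>` blocks and flags a hostname carrying an embedded `:port`. The function names and the `<ossec_config>` wrapper around the sample are assumptions; the sample block is constructed from the one quoted above.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the <database_output> block from the post, wrapped in
# an <ossec_config> root element (the wrapper is an assumption).
SAMPLE_CONF = """
<ossec_config>
  <database_output>
    <hostname>192.168.1.130:1226</hostname>
    <username>ossec</username>
    <password>MySQLPassword</password>
    <database>ossec</database>
    <type>mysql</type>
  </database_output>
</ossec_config>
"""


def split_host_port(value):
    """Return (host, port); port is None when no ':port' suffix is present."""
    value = value.strip()
    try:
        ipaddress.IPv6Address(value)  # bare IPv6 literal: colons, no port
        return value, None
    except ValueError:
        pass
    host, sep, port = value.rpartition(":")
    if sep and host and port.isdigit():
        return host, int(port)
    return value, None


def check_database_output(conf_text):
    """List findings for every <database_output> block in the config text."""
    # The file may hold several top-level elements, so wrap it in one root.
    root = ET.fromstring("<wrapper>" + conf_text + "</wrapper>")
    findings = []
    for block in root.iter("database_output"):
        raw = block.findtext("hostname", default="").strip()
        host, port = split_host_port(raw)
        if port is not None:
            findings.append(f"hostname '{raw}' embeds port {port}; "
                            f"the host part alone is '{host}'")
    return findings


if __name__ == "__main__":
    for finding in check_database_output(SAMPLE_CONF):
        print(finding)
```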