search

ossec / ossec-hids

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
http://www.ossec.net
Other
4.52k stars 1.04k forks source link

Agents are not inserted into "agent" table using the PostgreSQL Database #1363

Open maxverro opened 6 years ago

maxverro commented 6 years ago

How can I get the OSSEC Server to populate the "agent" table?

OSSEC Server Version

sudo /var/ossec/bin/ossec-syscheckd -V OSSEC HIDS v2.9.3 - Trend Micro Inc.

My agent is visible and active

sudo /var/ossec/bin/agent_control -ls
000,ossecserver (server),127.0.0.1,Active/Local,
001,ST175_06,10.10.10.175,Active,

In the PostgreSQL database, the "agent" table is empty

psql (9.5.10)
Type "help" for help.

ossecdb=> select * from agent;
 id | server_id | last_contact | ip_address | version | name | information
----+-----------+--------------+------------+---------+------+-------------
(0 rows)

The "server" table is getting populated

ossecdb=> select * from server;
 id | last_contact | version |  hostname   |                                                information
----+--------------+---------+-------------+------------------------------------------------------------------------------------------------------------
  1 |   1518122335 | v2.9.3  | ossecserver | Linux ossecserver 4.4.0-87-generic #110-Ubuntu SMP Tue Jul 18 12:55:35 UTC 2017 x86_64 - OSSEC HIDS v2.9.3
(1 row)

What am I missing? Why is the agent not being inserted into the table?

Thank you.

ddpbsd commented 6 years ago

You'll have to add support for that in dbd.

maxverro commented 6 years ago

Okay, thank you. I will take a look at the documentation to find a way to do this.

lceames commented 5 years ago

Did you find a way to do this @maxverro?