Database output to non-standard postgres port


jla

Jul 11, 2011, 3:32:51 PM
to ossec-list
Hello,
Is there a way to send output to a non-standard port for postgres?
I'm attempting to send to a server on port 5489, but OSSEC uses
5432.

I have /var/ossec/etc/ossec.conf configured to send alerts to a
postgres DB with the following config:

<database_output>
<hostname>ip here</hostname>
<username>ossec_user</username>
<password>secret</password>
<database>ossec_dev</database>
<port>5489</port>
<type>postgresql</type>
</database_output>


After reading another mailing list message, I was hoping the port tag
would work, but after restarting OSSEC I get this in ossec.log:

2011/07/11 15:31:11 ossec-dbd(5202): ERROR: Error connecting to
database 'ip address here'(ossec_dev): ERROR: could not connect to
server: Connection refused
Is the server running on host "ip address here" and accepting
TCP/IP connections on port 5432?

Thank you for any help.
Jason

jla

Jul 12, 2011, 1:17:16 PM
to ossec-list
Never mind, I was able to use a different port by setting the PGPORT
environment variable:

export PGPORT=5489

On Jul 11, 3:32 pm, jla <jash...@gmail.com> wrote:
> Hello,
> Is there a way to send output to a non-standard port for postgres?
> I'm attempting to send to a server on port 5489, but OSSEC uses
> 5432.
>
> I have /var/ossec/etc/ossec.conf configured to send alerts to a postgres DB with the following config:

jla

Jul 29, 2011, 2:22:37 PM
to ossec-list
Actually, using an environment variable had flaky behavior. Instead,
I edited the source around line 287 in
ossec-hids-2.5.1/src/os_dbd/db_op.c (see below), and recompiled OSSEC.
The issue is that the PQsetdbLogin function expects the port parameter
to be a string. I converted the port number from int to string and pass
it to the PQsetdbLogin function.

It looks like the postgresql_osdb_connect function in db_op.c was set
up to receive the port number as an int, but abandoned in favor of
NULL since it probably wasn't functioning as expected. I'll try to
report this as a bug/suggestion. A better idea would be to clean up
this function so it has a char *port parameter instead of int.


void *postgresql_osdb_connect(char *host, char *user, char *pass, char *db,
                              int port, char *sock)
{
    PGconn *conn;

    //conn = PQsetdbLogin(host, NULL, NULL, NULL, db, user, pass);

    // Convert port to string; 6 bytes hold "65535" plus the terminating NUL
    char portstr[6];
    snprintf(portstr, sizeof(portstr), "%d", port);

    conn = PQsetdbLogin(host, portstr, NULL, NULL, db, user, pass);

    ...
}


Docs on PQsetdbLogin function: http://www.postgresql.org/docs/8.3/static/libpq-connect.html
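
Added example, not part of the original thread and not OSSEC code: a bounded int-to-string conversion for the pgport argument of PQsetdbLogin, showing why a 5-byte buffer holds "5489" but not a five-digit port. The helper name pgport_format and the PGPORT_STRLEN macro are hypothetical; mapping port 0 to an empty string assumes the libpq rule that NULL or an empty string selects the default.

```c
#include <stddef.h>
#include <stdio.h>

/* "65535" is five digits; the buffer also needs room for the NUL. */
#define PGPORT_STRLEN 6

/*
 * Hypothetical helper, not part of OSSEC.
 * Formats an integer port for PQsetdbLogin's pgport argument.
 *   port == 0  -> "" (libpq documents NULL or "" as "use the default")
 *   1..65535   -> decimal string in buf
 *   otherwise, or if buf is too small -> NULL, buf left as ""
 */
const char *pgport_format(int port, char *buf, size_t buflen)
{
    int n;

    if (buf == NULL || buflen == 0)
        return NULL;
    buf[0] = '\0';
    if (port == 0)
        return buf;
    if (port < 0 || port > 65535)
        return NULL;

    /* snprintf never writes past buflen and reports the length it needed. */
    n = snprintf(buf, buflen, "%d", port);
    if (n < 0 || (size_t)n >= buflen) {
        buf[0] = '\0';          /* do not hand libpq a truncated port */
        return NULL;
    }
    return buf;
}

int main(void)
{
    char small[5];              /* fits four digits plus NUL, e.g. "5489" */
    char full[PGPORT_STRLEN];
    const char *p;

    p = pgport_format(5489, small, sizeof(small));
    printf("5489 in 5 bytes:  %s\n", p ? p : "(rejected)");
    p = pgport_format(15489, small, sizeof(small));
    printf("15489 in 5 bytes: %s\n", p ? p : "(rejected)");
    p = pgport_format(15489, full, sizeof(full));
    printf("15489 in 6 bytes: %s\n", p ? p : "(rejected)");
    return 0;
}
```

With an unchecked sprintf, the second case would write one byte past the end of the 5-byte buffer instead of being rejected.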

dan (ddp)

Oct 7, 2012, 11:45:26 PM
to ossec...@googlegroups.com

And I thought pci dss was supposed to be security related

On Oct 7, 2012 11:44 PM, "Jonathan Ranes" <jonr...@gmail.com> wrote:
Ya that is part of pci dss non standard ports.

Jayadevan M

Sep 7, 2013, 8:46:53 AM
to ossec...@googlegroups.com
I faced the same problem and made the change to db_op.c as mentioned above and it works now. Is it possible to move the change to source?

dan (ddp)

Sep 10, 2013, 9:05:08 AM
to ossec...@googlegroups.com
On Tue, Sep 10, 2013 at 9:03 AM, dan (ddp) <ddp...@gmail.com> wrote:
> On Sat, Sep 7, 2013 at 8:46 AM, Jayadevan M <maymala....@gmail.com> wrote:
>> I faced the same problem and made the change to db_op.c as mentioned above
>> and it works now. Is it possible to move the change to source?
>>
>
> If it isn't in 2.7.1, please remind us after 2.7.1 is released.
>

Replying to myself is always fun... I don't see a patch in this
thread. Did I miss it?

>>
>> On Monday, October 8, 2012 9:16:16 AM UTC+5:30, dan (ddpbsd) wrote:
>>>
>>> And I thought pci dss was supposed to be security related
>>>
>>> On Oct 7, 2012 11:44 PM, "Jonathan Ranes" <jonr...@gmail.com> wrote:
>>>>
>>>> Ya that is part of pci dss non standard ports.

dan (ddp)

Sep 10, 2013, 9:03:34 AM
to ossec...@googlegroups.com
On Sat, Sep 7, 2013 at 8:46 AM, Jayadevan M <maymala....@gmail.com> wrote:
> I faced the same problem and made the change to db_op.c as mentioned above
> and it works now. Is it possible to move the change to source?
>

If it isn't in 2.7.1, please remind us after 2.7.1 is released.

>
> On Monday, October 8, 2012 9:16:16 AM UTC+5:30, dan (ddpbsd) wrote:
>>
>> And I thought pci dss was supposed to be security related
>>
>> On Oct 7, 2012 11:44 PM, "Jonathan Ranes" <jonr...@gmail.com> wrote:
>>>
>>> Ya that is part of pci dss non standard ports.
>

Jayadevan M

Sep 10, 2013, 9:51:25 AM
to ossec...@googlegroups.com
Hi,
I just had a look at the source and didn't see it either. I thought - being a newbie, maybe I am not looking in the right place.
Regards,
Jay

