New setup of Wazuh - Output to PostgreSQL configuration

Raj W

Jul 31, 2023, 4:08:29 PM
to Wazuh mailing list
New Wazuh user here. I need to log the data/output to a PostgreSQL database. I have the database set up and I'm following these Wazuh instructions:

https://documentation.wazuh.com/current/user-manual/manager/manual-database-output.html

These two lines work fine:

```
sudo -u postgres createuser -P PostgreSQLadmin
sudo -u postgres createdb -O PostgreSQLadmin Alerts_DB
```

This line is not working for me:

```
psql -U PostgreSQLadmin -d Alerts_DB -f src/os_dbd/postgresql.schema
```

It generates the error: "failed: FATAL: Peer authentication failed for user "PostgreSQLadmin""

What am I doing wrong? This is a default install of PostgreSQL running on a fresh Ubuntu 22.04 (LTS) build, nothing else is on the server.

Julián Morales

Jul 31, 2023, 7:29:47 PM
to Raj W, Wazuh mailing list
Hi Raj,

The error message "FATAL: Peer authentication failed for user 'PostgreSQLadmin'" suggests that the PostgreSQL database is not allowing the user 'PostgreSQLadmin' to connect because of the current authentication method set in the PostgreSQL configuration.

PostgreSQL uses a file named `pg_hba.conf` to control client authentication. This file is located in the PostgreSQL data directory, which is typically `/etc/postgresql/<version>/main/` on Ubuntu.

The 'peer' authentication method works by obtaining the client's operating system user name, with no password prompt. If the operating system username matches the PostgreSQL username, the login is allowed. However, if you're trying to connect as 'PostgreSQLadmin' from a different operating system user, 'peer' authentication will fail.

To solve this issue, you can change the authentication method from 'peer' to 'md5' or 'password', which will prompt for a password regardless of the operating system user. Here's how to do it:

1. Open the `pg_hba.conf` file in a text editor. You might need root privileges to do this. For example:

   ```
   sudo nano /etc/postgresql/<version>/main/pg_hba.conf
   ```

   Replace `<version>` with your PostgreSQL version number.

2. Look for lines that look like this:

   ```
   local   all             all                                     peer
   ```

   or

   ```
   local   all             PostgreSQLadmin                         peer
   ```

3. Change 'peer' to 'md5' or 'password'. For example:

   ```
   local   all             all                                     md5
   ```

   or

   ```
   local   all             PostgreSQLadmin                         md5
   ```

4. Save the file and exit the text editor.

5. Restart the PostgreSQL service to apply the changes:

   ```
   sudo service postgresql restart
   ```

After these steps, try running your command again. You should be prompted for the password of the 'PostgreSQLadmin' user.


On the other hand, I recommend that you read this thread about the current problem of integration and the wazuh-dbd daemon:
https://github.com/wazuh/wazuh/issues/17986


I hope you find this useful
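
The edit in steps 2 and 3, as an added shell example that is not part of the original reply: instead of switching `local all all`, it inserts one record scoped to `Alerts_DB` and `PostgreSQLadmin` ahead of the existing `local` lines, because PostgreSQL uses the first matching record. The helper names, the sample file, and the use of `scram-sha-256` in place of `md5` are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: works on a constructed sample, never on the live pg_hba.conf.

# Constructed sample resembling a default Ubuntu pg_hba.conf.
make_sample() {
  cat > "$1" <<'EOF'
# TYPE  DATABASE        USER            ADDRESS                 METHOD
local   all             postgres                                peer
local   all             all                                     peer
host    all             all             127.0.0.1/32            scram-sha-256
EOF
}

# first_local_match FILE DB USER: print the method of the first "local" record
# that matches. Simplified matcher: handles plain names and "all" only.
first_local_match() {
  awk -v db="$2" -v user="$3" '
    $1 == "local" && ($2 == "all" || $2 == db) && ($3 == "all" || $3 == user) {
      print $4; exit
    }' "$1"
}

# add_scoped_rule FILE DB USER METHOD: insert "local DB USER METHOD" ahead of
# the first "local" record; do nothing if that exact rule already exists.
add_scoped_rule() {
  if awk -v d="$2" -v u="$3" -v m="$4" \
      '$1 == "local" && $2 == d && $3 == u && $4 == m { f = 1 } END { exit !f }' "$1"
  then return 0; fi
  _tmp=$(mktemp) || return 1
  awk -v d="$2" -v u="$3" -v m="$4" '
    $1 == "local" && !ins { printf "local   %-15s %-39s %s\n", d, u, m; ins = 1 }
    { print }
    END { if (!ins) printf "local   %-15s %-39s %s\n", d, u, m }' "$1" > "$_tmp" &&
    cat "$_tmp" > "$1"   # overwrite in place so owner and mode are preserved
  _rc=$?
  rm -f "$_tmp"
  return "$_rc"
}

demo=$(mktemp)
make_sample "$demo"
echo "before: $(first_local_match "$demo" Alerts_DB PostgreSQLadmin)"   # peer
add_scoped_rule "$demo" Alerts_DB PostgreSQLadmin scram-sha-256
echo "after:  $(first_local_match "$demo" Alerts_DB PostgreSQLadmin)"   # scram-sha-256
echo "postgres role: $(first_local_match "$demo" postgres postgres)"     # peer
rm -f "$demo"
```

PostgreSQL rereads `pg_hba.conf` on a reload, so `sudo systemctl reload postgresql` is enough to apply a change to the real file.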