Create a user for OSSEC within PgSQL
$ sudo -u postgres createuser -D -A -P ossec_user
Enter password for new role:
Enter it again:
Shall the new role be allowed to create more new roles? (y/n) n
CREATE ROLE
Create a database for OSSEC
$ sudo -u postgres createdb -O ossec_user ossecdb
CREATE DATABASE
Create the necessary tables from the PostgreSQL schema located in the src/os_dbd directory of the distribution.
$ psql -h 127.0.0.1 -U ossec_user -d ossecdb -f postgresql.schema
In order for ossec to output alerts and other data into the database the /var/ossec/etc/ossec.conf will need to be updated and a <database_output> section will need to be added.
<ossec_config>
<database_output>
<hostname>192.168.2.30</hostname>
<username>ossecuser</username>
<password>ossecpass</password>
<database>ossec</database>
<type>postgresql</type>
</database_output>
</ossec_config>
The values will need to be corrected for your installation’s hostname, postgresql user, password, and database.
All that is left is to enable the database daemon and restart ossec for the changes to take effect.
# /var/ossec/bin/ossec-control enable database
# /var/ossec/bin/ossec-control restart