[ossec-list] Re: Database output to non-standard postgres port

Fri, 29 Jul 2011 11:46:31 -0700 

Actually, using an environment variable had flaky behavior.  Instead,
I edited the source around line 287 in ossec-hids-2.5.1/src/os_dbd/
db_op.c (see below), and recompiled OSSEC.   The issue is that
PQsetdbLogin function expects the port parameter to be a string.  I
converted the port number from in to string and pass it to the
PQsetdbLogin function.

It looks like the postgresql_osdb_connect function in db_op.c was set
up to receive the port number as an int, but abandoned in favor of
NULL since it probably wasn't functioning as expected.  I'll try to
report this as a bug/suggestion.  A better idea would be to clean up
this function so it has a char *port parameter instead of int.


void *postgresql_osdb_connect(char *host, char *user, char *pass, char
*db,
                              int port, char *sock)
{
    PGconn *conn;

    //conn = PQsetdbLogin(host, NULL, NULL, NULL, db, user, pass);

    // Convert port to string
    char portstr[5];
    sprintf(portstr, "%d", port);

    conn = PQsetdbLogin(host, portstr, NULL, NULL, db, user, pass);

...
}


Docs on PQsetdbLogin function:  
http://www.postgresql.org/docs/8.3/static/libpq-connect.html

On Jul 12, 1:17 pm, jla <[email protected]> wrote:
> Nevermind, I was able to use a different port by setting the PGPORT
> environment variable:
>
> export PGPORT=5489
>
> On Jul 11, 3:32 pm, jla <[email protected]> wrote:
>
>
>
>
>
>
>
> > Hello,
> > Is there a way to send output to a non-standardportforpostgres?
> > I'm attempting to send to a server onport5489, but OSSEC uses
> > 5432.
>
> > I have /var/ossec/etc/ossec.conf configured to send alerts to apostgresDB 
> > with the following config:
>
> >   <database_output>
> >     <hostname>ip here</hostname>
> >     <username>ossec_user</username>
> >     <password>secret</password>
> >     <database>ossec_dev</database>
> >     <port>5489</port>
> >     <type>postgresql</type>
> >   </database_output>
>
> > After reading another mailing list message, I was hoping theporttag
> > would work, but after restarting OSSEC I get this in ossec.log:
>
> > 2011/07/11 15:31:11 ossec-dbd(5202): ERROR: Error connecting to
> > database 'ip address here'(ossec_dev): ERROR: could not connect to
> > server: Connection refused
> >         Is the server running on host "ip address here" and accepting
> >         TCP/IP connections onport5432?
>
> > Thank you for any help.
> > Jason

Reply via email to