I followed the same tutorials as well and it seems that nothing is going to the database. select * from alert; returns nothing.
On Friday, June 15, 2012 2:34:03 PM UTC-7, Fred Sasse wrote: > > I am currently using the webui just fine in SLES11. I have ordered > the OSSEC-HIDS book and it is on its way. > > I have a dumb database question. > > I followed the directions to send output the mysql database here: > > http://www.ossec.net/doc/manual/output/database-output.html > > Everything seems to go OK with the mysql commands to do this. However, > I am not convinced that everything in the /var/ossec/logs is going to > the database. Is there a way to check this? My dumb question is > this: > > If database output is enabled, should everything that is in /var/ossec/ > logs also be in the mysql "ossec" database? > > I understand the webui does not use the database output, and only uses > the logs in /var/ossec/logs. That is fine with me.
