NAME
OSSEC::MySQL - Module for getting information from the OSSEC MySQL database
VERSION
version 0.1
DESCRIPTION
This module/class is part of the OSSEC distribution. It simplifies querying and working with OSSEC and its MySQL database output. At the moment you can search for an alert by its id and update the signature table within the database, which is not done by the current (3.5.0) version of OSSEC.
ATTRIBUTES
server
database server to connect to; default: localhost
Type: String
dbuser
database user to use to connect to the server; default: ossec
Type: String
dbpass
database password to use to connect to the server
Type: String
database
database to use when connecting to the server; default: ossec
Type: String
dbh
database handle, valid after calling connect
METHODS
connect
connect to the database server with the provided information
deleteAllRules
deletes all rules from the signature table of ossec
addRule
add a rule to the signature table of ossec
deleteAllAgents
deletes all agents from the agent table of ossec
addAgent
add an agent to the agent table of ossec
- Param1 = the server_id
- Param2 = last_contact information (epoch)
- Param3 = IP address of the agent
- Param4 = version the agent is using
- Param5 = name of the agent
- Param6 = information about the agent (e.g. OS...)
searchAlert
search for a given alertid and return the full alert
AUTHOR
Dominik Meyer <dmeyer@federationhq.de>
COPYRIGHT AND LICENSE
This software is Copyright (c) 2019 by Dominik Meyer.
This is free software, licensed under:
The GNU General Public License, Version 3, June 2007