OSSEC
3.6.0
Manual
Getting started with OSSEC
Key Benefits
Key Features
OSSEC Architecture
Manager (or Server)
Agents
Agentless
Virtualization/VMware
Firewalls, switches and routers
Supported Systems
Operating Systems
Devices supported via Syslog
Devices and Operating Systems via Agentless
Installation
Installation requirements
Manager/Agent Installation
Manual Installation
Windows Agent Installation
Package Installation
Compiling OSSEC for a Binary Installation
Server Virtual Appliance Installation
Unattended Source Installation
Compiling the OSSEC Windows Agent on Windows
Requirements
Compilation
Integration and Deployment with cfengine
OSSEC Updates
Agents
Communication between agents and the OSSEC server
Managing Agents
Agent systems behind NAT or with dynamic IPs (DHCP)
Adding an agent with ossec-authd
Centralized agent configuration
Agentless Monitoring
Writing Agentless Scripts
Log monitoring/analysis
What is log analysis?
Quick Facts
Configuration Options
Monitoring logs
Syscheck
Why Integrity checking?
Quick facts
Realtime options
Configuration options
Configuration Examples
Real time Monitoring
Report Changes
MD5 whitelist database
Syscheck: FAQ
Rootcheck Manual
Rootcheck
Understanding the Unix policy auditing on OSSEC
Rules and Decoders
Testing OSSEC rules/decoders
CDB List lookups from within Rules
Create Custom decoder and rules
Directory path loading of rules and decoders
Rules Classification
Rules Group
Output and Alert options
Contents:
Overview:
Active Response
Creating Customized Active Responses
UNIX: Active Response Configuration
Windows: Active Response Configuration
Understanding Active Response with FreeBSD