Manual

If you couldn’t find what you were looking for here, please check our FAQ too.

  1. Brief non-technical overview
  2. OSSEC architecture
  3. Supported systems
  4. Quotes from our users
  5. Installation and update information
  6. Helper tools
    1. Agent control – Agent list, status, scans, etc.
    2. Manage agents – Tools to add/remove agents on the manager
    3. Syscheck control – Manages syscheck database
    4. Rootcheck control – Manages the system auditing/policy monitoring database
    5. Reporting tool – Generate text-based reports
    6. Creating a separate directory for testing OSSEC rules/config
    7. Monitoring WordPress – (wpsyslog2 plugin)
  7. Syscheck – How to configure and use File Integrity checking
    1. Realtime file integrity monitoring
  8. Agentless monitoring – How to configure and manage systems without an agent
  9. Process monitoring – How to monitor the output of commands with OSSEC
  10. Centralized agent configuration – How to configure your agent directly from the manager
  11. Output options
    1. Syslog – Sending the alerts via syslog
  12. Active response – How to configure and use active responses
    1. Active response on Windows – Explains how to enable it on Windows 2000/XP/2003/2008/Vista
  13. General configuration options – Page with most configuration options summarized
  14. FAQ – Frequently asked questions by our users (answers to our wiki)

--------
Welcome to the OSSEC HIDS manual! Hopefully it will help you install, configure and use the OSSEC HIDS in a way that best fits your needs. This manual is maintained by Daniel Cid. If you find any errors or think that something is missing, please contact us and we will update it. Questions should be submitted to one of our mailing lists. For commercial support, please visit: Get Professional Support from Trend Micro.

Last modified on 23/Nov/2009 for version 2.3.