Supported systems

OSSEC supports the following operating systems and log formats:

Operating systems

The following operating systems are supported by the OSSEC agent:

  • GNU/Linux (all distributions, including RHEL, Ubuntu, Slackware, Debian, etc)
  • Windows XP, 2000, 2003, Vista, 2008
  • VMWare ESX 3.0, 3.5 (including CIS checks)
  • FreeBSD (all versions)
  • OpenBSD (all versions)
  • NetBSD (all versions)
  • Solaris 2.7, 2.8, 2.9 and 10
  • AIX 5.3 and 5.3
  • HP-UX 10, 11, 11i
  • MacOSX 10

Device support via syslog

These systems/devices are also supported via remote syslog:

  • Cisco PIX, ASA and FWSM (all versions)
  • Cisco IOS routers (all versions)
  • Juniper Netscreen (all versions)
  • SonicWall firewall (all versions)
  • Checkpoint firewall (all versions)
  • Cisco IOS IDS/IPS module (all versions)
  • Sourcefire (Snort) IDS/IPS (all versions)
  • Dragon NIDS (all versions)
  • Checkpoint Smart Defense (all versions)
  • McAfee VirusScan Enterprise (v8 and v8.5)
  • Bluecoat proxy (all versions)
  • Cisco VPN concentrators (all versions)

Agentless

Using OSSEC agentless options, the following systems are also supported (for log analysis and file integrity checking):

  • Cisco PIX, ASA and FWSM (all versions)
  • Cisco IOS routers (all versions)
  • Juniper Netscreen (all versions)
  • SonicWall firewall (all versions)
  • Checkpoint firewall (all versions)
  • All operating systems specified in the “operating systems” section

Database monitoring

Database monitoring is available for the following systems:

  • MySQL (all versions)
  • PostgreSQL (all versions)
  • Oracle, MSSQL (to be available soon)

Individual log formats and application support

  • Unix-only:
    • Unix Pam
    • sshd (OpenSSH)
    • Solaris telnetd
    • Samba
    • Su
    • Sudo
    • Xinetd
    • Adduser/deluser/etc
    • Cron/Crontab
    • Solaris BSM Auditing
    • Dpkg (Debian package) logs
    • Yum logs
  • FTP servers:
    • Proftpd
    • Pure-ftpd
    • vsftpd
    • wu-ftpd
    • Microsoft FTP server
    • Solaris ftpd
    • Mac OS FTP server
  • Mail servers:
    • Imapd and pop3d
    • Postfix
    • Sendmail
    • vpopmail
    • Microsoft Exchange
    • Courier imapd/pop3d/pop3-ssl
    • vm-pop3d
    • SMF-SAV (Sendmail Sender Address Validator)
    • Procmail
    • Mailscanner
  • Web servers:
    • Apache web server (access log and error log)
    • IIS 5/6 web server (NCSA and W3C extended)
    • Zeus web server
  • Web applications:
    • Horde imp
    • Modsecurity
  • Firewalls:
    • Iptables firewall
    • Shorewall (iptables-based) firewall
    • Solaris ipfilter firewall
    • AIX ipsec/firewall
    • Netscreen firewall
    • Windows firewall
    • Cisco PIX/ASA/FWSM
    • SonicWall firewall
    • Checkpoint firewall
  • Databases:
    • MySQL
    • PostgreSQL
  • NIDS:
    • Cisco IOS IDS/IPS module
    • Snort IDS (snort full, snort fast and snort syslog)
    • Dragon NIDS
    • Checkpoint Smart defense
  • Security tools:
    • Symantec Anti Virus
    • Symantec Web Security
    • Nmap
    • Arpwatch
    • McAfee VirusScan Enterprise (v8 and v8.5)
  • Others:
    • Named (bind)
    • Squid proxy
    • Bluecoat proxy
    • Cisco VPN Concentrator
    • Cisco IOS routers
    • Asterisk
    • Vmware ESX
  • Windows event logs (logins, logouts, audit information, etc)
  • Windows Routing and Remote Access logs
  • Generic unix authentication (adduser, logins, etc)