OSSEC 4.1.0 documentation

About & Contributing

  • OSSEC Processes and Data
  • Active-response Internal Logic Flow
  • How to start helping with the project?
    • Testing OSSEC:
    • Translating OSSEC:
    • Documenting OSSEC:
    • Development of OSSEC:
  • Languages and respective translators for the installation
Copyright © Atomicorp, Inc. 2025