OSSEC Documentation
OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, Mac OS X, Solaris and Windows. A list of all supported platforms is available at: Supported Systems
Note
OSSEC+ extends OSSEC with additional capabilities such as ELK integration, community threat sharing, and machine learning. Registration is free.
Getting Started
Manual
Reference
- Syntax and Options
- Man pages
  - agent-auth
  - agent_control
  - clear_stats
  - list_agents
  - manage_agents
  - ossec-agentd
  - ossec-agentlessd
  - ossec-analysisd
  - ossec-authd
  - ossec-control
  - ossec-csyslogd
  - ossec-dbd
  - ossec-execd
  - ossec-logcollector
  - ossec-logtest
  - ossec-maild
  - ossec-makelists
  - ossec-monitord
  - ossec-regex
  - ossec-regex-convert
  - ossec-remoted
  - ossec-reportd
  - ossec-syscheckd
  - rootcheck_control
  - syscheck_control
  - syscheck_update
  - util.sh
  - verify-agent-conf
- Output Formats
- Examples
- Log Samples
- Apache Logs
- GNU Radius
- Windows Routing and Remote Access logs
- Log Samples from Pam
- Log Samples from sshd
- Su log samples
- Messages from useradd, userdel, etc.
- Linux Logs
- Windows Logs
- Log Samples from BSD systems
- Log entries in asl.log on OSX
- OS X IPFW Log Samples
- Log samples Mac
- FTP Logs
- Nessus scan in a web server log
- Misc. Logs
- Cisco Logs
- Log Samples for MySQL
- Log Samples for PostgreSQL
- Log Samples from PHP
- Urlscan Log samples
- Log Samples from Named
- Log samples for Checkpoint
- Log Samples from iptables
- Microsoft ISA Server
- Log Samples from the Netscreen Firewall
- Log samples from PF
- Log Samples from SonicWall
- Samples for the Windows firewall
- WIPFW
- Zone Alarm (free version) Log samples
- Courier Log samples
- Dovecot log samples
- Exchange Log Samples
- Log Samples from Exim
- Log Samples from imapd
- Log Samples for postfix
- Log Samples from Sendmail
- Log Samples for VM-POP3d
- Log Samples from vpopmail
- Log Samples for VMware ESX
- Web Scan sample 2