Skip to main content

All Questions

Tagged with
Filter by
Sorted by
Tagged with
0 votes
0 answers
1k views

OSSEC - Not seeing alerts on the Server from file changes on the Agent

I have an OSSEC server and Agent installed and configured. I have imported the key to the Agent and they appear to be communicating. However, I am trying test the file integrity monitoring feature and ...
user8897013's user avatar
-3 votes
1 answer
106 views

How can ossec handle a virus that already spread into the deepest system? [closed]

As far as I know, OSSEC is a Open Source HIDS. It's a "Detection System". I read in journals, it collect logs and flag any anomaly that had been found in a system ( e.g. Debian Server ) and do some ...
Gagantous's user avatar
0 votes
2 answers
2k views

Has anyone used any custom decoders with OSSEC?

I have the OSSEC HIDS software version 2.8.3 running on a RHEL 6 server. We have been testing this in the lab with a DNS server to track queries that come into our RPZ and Malware zones. The DNS ...
user53029's user avatar
  • 649
0 votes
1 answer
53 views

How to filter errors 404 to show only those which are related to php files?

One of my web servers is getting flooded with requests to resources that do not exist anymore, generating the corresponding 404 error. As I'm using OSSEC and OSSIM, then these errors are sent to the ...
user avatar
2 votes
4 answers
2k views

Simple application level file integrity monitoring & Intrusion detection (IDS)

We've been searching for a simple file integrity monitoring solution on CentOS/Linux that will work on the application level. We are not looking for OS/network level IDS as OSSEC and the others do a ...
Dev's user avatar
  • 21
10 votes
2 answers
5k views

OSSEC large scale deployment

We have a data-center and as a happy OSSEC user I am trying to convince my management to use it for host intrusion detection. However I have never deployed it on more than a handful of servers and I ...
lisa1987's user avatar
  • 891