Monthly Archives: September 2007

Database Logging

Posted on September 30, 2007 by danielcid

Next version of OSSEC will come with support for PostgreSQL logs and MySQL error/query logs. Since database logging is not something widely done (and even hard to find documentation about), I started in the OSSEC wiki some sections about it. … Continue reading →

Posted in log analysis, ossec | Leave a comment

Chinese hacking and Desinformation warfare

Posted on September 22, 2007 by danielcid

For the last few weeks many articles and news stories were published about the Chinese hacking USA government computers. The reality is that the Chinese have been hacking the US, Russian, Australian (,etc) computers for years, but they are not … Continue reading →

Posted in hacks | 1 Comment

How to create a log standard

Posted on September 14, 2007 by danielcid

Get the marketing team together for a clever name. Copy and paste Microsoft’s IIS W3C log format Write a press release and tell the world about it I am not joking, but eIQnetworks released their Open Source Event Logging Standard … Continue reading →

Posted in CEE, log analysis | Leave a comment

OSSEC at the “Own the Box” competition

Posted on September 5, 2007 by danielcid

Paul Ziegler (tatsumori) sent me a very interesting e-mail explaining how he used OSSEC to protect his box at the Defcon’s 15 “Øwn the box” competition. During Defcon15 there was a new kind of contest called the “Øwn the box” … Continue reading →

Posted in ossec | Leave a comment

Web attacks resource

Posted on September 5, 2007 by danielcid

I have a few honeypots out there just collecting information about web attacks and they have been great to help me improve OSSEC and how it parses web/proxy logs. Since I couldn’t find any public resource dedicated to store this … Continue reading →

Posted in webattacks | Leave a comment