Monthly Archives: March 2010

OSSEC v2.4 BETA available

OSSEC v2.4 BETA is available and we need testers. You can find more information about it and its new features here: http://www.ossec.net/wiki/Dev:BetaTesting If you ever wanted to contribute to OSSEC (or to any open source project) that’s the easiest way … Continue reading

Posted in ossec, v24 | 1 Comment

Site down last night

Thanks to everyone who sent some notes that our site was down last night. We were switching servers and not everything got migrated on time. I was happy that sucuri notified me on time: Modifications: %WARN: Size reduced by more … Continue reading

Posted in ossec

Detecting USB Storage Usage with OSSEC

Xavier wrote a very interesting article on Detecting USB Storage Usage with OSSEC. He used our policy auditing module for that, but I think USB monitoring can be done in a much easier way with our new check_diff feature. You … Continue reading

Posted in ossec | 1 Comment

Alerting when a log or output of a command changes

If you want to create alerts when a log or the output of a command changes, take a look at the new <check_diff /> option in the rules (available on the latest snapshot). To demonstrate with an example, we will … Continue reading

Posted in ossec | 1 Comment

Daily email reports

If you want to receive daily email reports (summaries) of your OSSEC alerts, you will like this new feature. First, start off by downloading the latest snapshot: http://www.ossec.net/files/snapshots/ (get the latest file from there). Then you will be able to … Continue reading

Posted in ossec | 2 Comments