Monthly Archives: January 2007

Multiple 577 entries in the eventlog (from Windows)

I was monitoring the Windows logs from a client network and I noticed that a few boxes were constantly generating audit failure 577 events: WinEvtLog: Security: AUDIT_FAILURE(577): Security: xxx: XX-HQ: YY-HQ: Privileged Service Called: Server: Security Primary User Name: abc …

Posted in log analysis, ossec, windows | Leave a comment

OSSEC Logo/Mascot contest

Can you guess what is missing in the ossec project? If you guessed a mascot (or a logo), you are right. Every open source project has one but us. How to fill this gap? If you are a good …

Posted in contest, mascot | Leave a comment

Eight daily steps to a more secure network

Michael Mullins wrote an interesting article with eight daily steps to secure your network. What I really liked is that at least 3 of these 8 steps involve looking at logs. He mentioned looking at antivirus, security and IDS/firewall …

Posted in log analysis | 4 Comments

Ossec Performance

A friend of mine recently asked me what is the maximum number of logs per second that ossec could handle, but I didn’t have an answer for him. I heard of a few reports of ossec handling more than 508 …

Posted in log analysis, ossec | 1 Comment

OSSEC version 1.0 is available

OSSEC version 1.0 is now publicly available. This version comes with numerous new features, including support for: Registry monitoring on Windows Dynamic/nat’ed IP addresses in the server/agent communication ASL (Apple system log) Lotus domino Symantec AV Windows RAR A full …

Posted in ossec | Leave a comment

Security monitoring

Richard Bejtlich posted an excellent entry in his blog (taosecurity) about the difference between alert centric tools and Network Security Monitoring (NSM). He says: Network Security Monitoring (NSM) is different. Generating statistical, session, full content, and alert data gives analysts …

Posted in log analysis, NSM, ossec | 2 Comments

2006 OSSEC download numbers

As a late Christmas gift to all curious OSSEC users out there, here is some information about the number of downloads in 2006 (note that I only included major released versions). I am very pleased to see that we went …

Posted in ossec | Leave a comment

OSWUI (web ui) screenshots

As requested, I am attaching a few screenshots of our web ui. I will also post a link to a demo site later… Below is an explanation of each picture (click on them to expand). Main page. Show the agent …

Posted in ossec-ui | 1 Comment

Windows registry monitoring (syscheckd)

I just completed adding support for monitoring the Windows registry on ossec. It seems to be fairly stable right now and hopefully a beta version will be available soon (lots of tests will be required). The configuration will have the …

Posted in ossec, windows | 1 Comment

OSSEC Web UI beta 2 available

The second beta version of oswui (ossec web ui) is available. It has numerous bug fixes (for all issues reported so far) and new features, including support for php5 and major design improvements made by Rafael Capovilla. Download it from …

Posted in ossec, ossec-ui | 31 Comments