Monthly Archives: April 2007

OSSEC at the SANS log management summit

David Bianco recently spoke about OSSEC at the SANS Log Management Summit 2007, with the presentation: “How to Save $45k (and Look Great Doing it)”. Quoting his blog entry reviewing the summit: On Tuesday morning, I gave my own presentation, … Continue reading

Posted in log analysis, ossec | Leave a comment

CEE – Logging standard

If you are not on the log analysis mailing list, you are missing a good discussion regarding the efforts to create a new logging standard, CEE (Common Event Expression). MITRE is in charge of the process, but it is probably … Continue reading

Posted in CEE, log analysis | 5 Comments

Free Lunch :: OSSEC Review

Andrew Storms from ncircle posted an interesting review of ossec in his blog (also at the ncircle main blog): OSSEC is an open source host based intrusion detection system. The website states, “It performs log analysis, integrity checking, Windows registry … Continue reading

Posted in ossec | Leave a comment

Wiki editing blocked (vandalism)

I decided to block any form of editing to the ossec wiki for reasons of vandalism. If you look at the wiki recent changes page you will see the changes that were made. Most of them were very strange to … Continue reading

Posted in log analysis, wiki | 2 Comments

OSSEC performance (v2)

During the release of ossec v1.0, I posted some performance numbers regarding that version. Even though I know most performance tests do not prove anything per se, I was able to see how many events per second an old PIII … Continue reading

Posted in ossec | Leave a comment

How to compile ossec on Windows?

It is not the first time I was asked that, so I decided to write it in here in case anyone else is interested. First of all, ossec is compiled using MinGW, so we have only used it with gcc. … Continue reading

Posted in ossec, windows | Leave a comment

Contributing to the ui development

I have received a lot of feedback from the community regarding the web interface, with lots of offers to help. If you are interested in being a part of the UI development team, check out the following link with some ideas … Continue reading

Posted in ossec-ui | Leave a comment