Monthly Archives: September 2007

Database Logging

The next version of OSSEC will come with support for PostgreSQL logs and MySQL error/query logs. Since database logging is not something widely done (and documentation about it is hard to find), I started some sections about it in the OSSEC wiki. …

Posted in log analysis, ossec

Chinese hacking and Disinformation warfare

For the last few weeks many articles and news stories have been published about the Chinese hacking US government computers. The reality is that the Chinese have been hacking US, Russian, Australian (etc.) computers for years, but they are not …

Posted in hacks | 1 Comment

How to create a log standard

1. Get the marketing team together for a clever name.
2. Copy and paste Microsoft’s IIS W3C log format.
3. Write a press release and tell the world about it.

I am not joking: eIQnetworks released their Open Source Event Logging Standard …

Posted in CEE, log analysis

OSSEC at the “Own the Box” competition

Paul Ziegler (tatsumori) sent me a very interesting e-mail explaining how he used OSSEC to protect his box at the Defcon 15 “Øwn the box” competition. During Defcon 15 there was a new kind of contest called the “Øwn the box” …

Posted in ossec

Web attacks resource

I have a few honeypots out there just collecting information about web attacks, and they have been a great help in improving OSSEC and how it parses web/proxy logs. Since I couldn’t find any public resource dedicated to storing this …

Posted in webattacks