v1.5 preview – New log rules/decoders

Version 1.5 comes with a lot of additions to our log analysis (or LIDS, Log-based IDS) capabilities. Some of the new log formats we now support are:

  • Solaris BSM auditing logs
  • Asterisk logs
  • Checkpoint and Smart Defense logs
  • Debian package (dpkg) install/status/remove messages
  • Shorewall logs
  • Postfix SASL error messages
  • Localized pure-ftpd messages (for 12 different languages)

In addition to that, we can now properly read DJB multilog files and pass them through our decoders. To read one, just add it to the configuration (in this example, to read sshd logs):

<localfile>
  <log_format>djb-multilog</log_format>
  <location>/var/log/sshd/current</location>
</localfile>
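A worked example, added here and not part of the original post or of OSSEC's own code, of why multilog output needs its own log_format: multilog (with its "t" action) prefixes every line with a TAI64N label, so a syslog-style decoder keyed on the program name at the start of the line never matches until that label is stripped. The sample line, the regexes and the helper names below are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: one line as written by "multilog t" for sshd output.
# The leading "@" + 24 hex digits is a TAI64N label (16 hex seconds, 8 hex ns).
SAMPLE_LINE = ("@4000000046c17a401b5e4ac4 sshd[1234]: "
               "Accepted publickey for alice from 192.0.2.10 port 41234 ssh2")

TAI64N_RE = re.compile(r"^@([0-9a-f]{16})([0-9a-f]{8}) (.*)$")
TAI64_EPOCH_LABEL = 1 << 62   # TAI64 label of 1970-01-01 00:00:00 TAI

# Hypothetical stand-in for a syslog-style program_name decoder: it only
# matches when the message starts with "program[pid]: ".
PROGRAM_RE = re.compile(r"^([A-Za-z0-9_./-]+)(?:\[(\d+)\])?: (.*)$")


def split_multilog_line(line):
    """Return (tai_seconds, nanoseconds, message).

    The first two are None when the line carries no TAI64N label, which
    multilog produces when run without the "t" action.
    """
    m = TAI64N_RE.match(line)
    if not m:
        return None, None, line
    tai_seconds = int(m.group(1), 16) - TAI64_EPOCH_LABEL
    return tai_seconds, int(m.group(2), 16), m.group(3)


def tai_to_utc(tai_seconds, nanoseconds, tai_minus_utc=0):
    """Turn a TAI reading into an aware datetime.

    TAI runs ahead of UTC by 10 s plus accumulated leap seconds (33 s during
    2007); pass that offset as tai_minus_utc, the default 0 keeps raw TAI.
    """
    return (datetime(1970, 1, 1, tzinfo=timezone.utc)
            + timedelta(seconds=tai_seconds - tai_minus_utc,
                        microseconds=nanoseconds // 1000))


def decode_program(message):
    """Return (program_name, pid, text), or None when no program prefix."""
    m = PROGRAM_RE.match(message)
    return (m.group(1), m.group(2), m.group(3)) if m else None


if __name__ == "__main__":
    secs, nanos, msg = split_multilog_line(SAMPLE_LINE)
    print(tai_to_utc(secs, nanos, tai_minus_utc=33).isoformat())
    print(decode_program(SAMPLE_LINE))   # None: label still in the way
    print(decode_program(msg))           # ('sshd', '1234', 'Accepted ...')
```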

Hope you enjoy OSSEC v1.5 when it is out :)
