Category Archives: v2.6

OSSEC v2.6 is out!

OSSEC v2.6 was just released (finally :)) and you can get more details here: We are very happy to announce the availability of OSSEC version 2.6. This has been a long release cycle, but it is here now with … Continue reading

Posted in ossec, v2.6 | 3 Comments

Running multiple OSSEC decoders on the same event

If you need to run multiple decoders on the same log to extract additional pieces of information (without affecting the original decoder), we have a simple way to do so. Just create multiple child … Continue reading

Posted in ossec, v2.6 | 2 Comments

Blocking repeated offenders with OSSEC

By default OSSEC has a static timeout on our active response scripts. You specify the action and how long to block the IP address:

    <active-response>
      <command>host-deny</command>
      <location>local</location>
      <level>6</level>
      <timeout>600</timeout>
    </active-response>

Which works well most of the time. However, if … Continue reading

Posted in ossec, v2.6 | 4 Comments