
Installing OSSEC on Mac OS

Sometimes building and deploying open-source systems on the Mac OS can be a bit of a pain. Don’t get me wrong, I love the Mac, and most things Apple for that matter. But some of the libraries in the system tool chain are a bit outdated. For those of you who want to run OSSEC on OS X Yosemite, you’ll…


Create an OSSEC Log Management Console with Kibana 4

It’s been a while since Kibana 4 was released, so I figured it was about time I updated my OSSEC Log Management Console to use the latest and greatest Kibana. The look and feel of Kibana has changed quite a bit, with a new data discovery mode that lets you browse your data quickly before you create…


Improved OSSEC Log Parsing with Logstash

The ELK stack (Elasticsearch-Logstash-Kibana) provides a cost-effective alternative to commercial SIEMs for ingesting and managing OSSEC alert logs. Previously I wrote a blog – OSSEC Log Management with Elasticsearch – that discusses the design of an ELK-based log system. Since then some readers have asked for and suggested ways to parse additional fields…


Installing OSSEC from RPMs

When I first started playing around with OSSEC, I downloaded the agent and server source packages and then proceeded to install them by hand. This method was fine when I had a server and one or two agent systems, but for a large network of systems it is tedious and error-prone. The OSSEC Project offers…


OSSEC Log Management with Elasticsearch

Among the many useful features of OSSEC is its capability to send alerts to any system that can consume syslog data. This makes it easy to combine OSSEC with a number of third-party SIEMs to store, search and visualize security events. Splunk for OSSEC is one such system that works on top of the Splunk…