OSSEC is a HIDS (Host Intrusion Detection System); its objective is to parse logs, check the logs against rules and send alerts. It has a vast number of rules already defined, so when it starts checking your logs it will start firing alerts.
In my architecture OSSEC fits outside the ELK stack. It parses the logs (as Logstash does) but writes alerts to files and sends alerts by email. I have another Logstash instance that reads the alerts from OSSEC, so I can have a nice dashboard for them on Kibana.

On Monday, June 23, 2014 7:49:03 AM UTC-3, Siddharth Trikha wrote:
>
> @Antonio: I use email output for a particular pattern in a log. But for
> example, when a particular log comes more than 5 times, alerting on
> this requires a state to be maintained, which is not there in Logstash.
>
> I don't know about OSSEC. But how to use it to achieve the above?
> Presently Logstash reads logs, ES stores them and Kibana presents them. How
> does OSSEC fit here?
>
> On Monday, 23 June 2014 15:50:36 UTC+5:30, Antonio Augusto Santos wrote:
>>
>> The solutions I've seen for things like this in ELK usually are along the
>> lines of using Logstash to reparse the logs in ES and use some output
>> (e-mail, Nagios, Zabbix) to do the alerting.
>>
>> For now I've stuck with using OSSEC (www.ossec.net) to do my alerting
>> and "just" use ELK for log analysis.
>>
>> On Monday, June 23, 2014 5:50:22 AM UTC-3, Siddharth Trikha wrote:
>>>
>>> We are using the `ELK stack (logstash, elasticsearch, kibana)` to
>>> analyze our logs. So far, so good.
>>>
>>> But now we want notification generation on some particular kinds of logs.
>>> E.g. when a failed-login log comes more than 5 times (threshold crossed), an
>>> email should be sent to the sysadmin.
>>>
>>> I looked up online and heard about `statsd`, `riemann`, `nagios`, and the
>>> `metric` filter (logstash) to achieve our requirement.
>>>
>>> Can anyone suggest which fits best with the ELK stack? I am new to this.
>>> Thanks
>>>
>>
--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/ba8d6ae3-4652-4618-b5a0-45fddeb313cd%40googlegroups.com.
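The stateful threshold Siddharth asks for (an alert once failed logins from one source cross 5 within a time window), shown as an added example that is not part of the thread and is not OSSEC's or Logstash's own code. It assumes constructed sshd-style syslog lines, a per-source-IP key and a 5-minute sliding window; OSSEC's `frequency`/`timeframe` rule options express the same idea, which Logstash alone cannot keep state for.

```python
import re
from collections import deque
from datetime import datetime
# Constructed sshd-style sample lines (not real data); 192.0.2.10 fails 6 times.
SAMPLE_LOG = """\
Jun 23 07:40:01 host sshd[2001]: Failed password for root from 192.0.2.10 port 5001 ssh2
Jun 23 07:40:05 host sshd[2002]: Failed password for root from 192.0.2.10 port 5002 ssh2
Jun 23 07:40:09 host sshd[2003]: Failed password for invalid user admin from 192.0.2.10 port 5003 ssh2
Jun 23 07:40:12 host sshd[2004]: Accepted password for alice from 198.51.100.7 port 6000 ssh2
Jun 23 07:40:15 host sshd[2005]: Failed password for root from 192.0.2.10 port 5004 ssh2
Jun 23 07:40:20 host sshd[2006]: Failed password for root from 192.0.2.10 port 5005 ssh2
Jun 23 07:40:25 host sshd[2007]: Failed password for root from 192.0.2.10 port 5006 ssh2
Jun 23 07:55:00 host sshd[2008]: Failed password for bob from 203.0.113.5 port 7000 ssh2
"""
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)

def parse_failed_login(line, year=2014):
    """Return (timestamp, user, source_ip) for a failed-login line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["user"], m["src"]

def threshold_alerts(lines, threshold=5, window_seconds=300):
    """Sliding-window counter per source IP: alert when `threshold` failed
    logins land within `window_seconds`, then reset so a burst gives one alert."""
    state = {}   # src -> deque of timestamps still inside the window
    alerts = []
    for line in lines:
        parsed = parse_failed_login(line)
        if parsed is None:
            continue           # not a failed login (e.g. 'Accepted password')
        ts, user, src = parsed
        window = state.setdefault(src, deque())
        window.append(ts)
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()   # expire events older than the window
        if len(window) >= threshold:
            alerts.append({"src": src, "count": len(window), "last_user": user, "at": ts})
            window.clear()     # one alert per burst, not per extra line
    return alerts

if __name__ == "__main__":
    for a in threshold_alerts(SAMPLE_LOG.splitlines()):
        print(f"ALERT {a['at']} {a['count']} failed logins from {a['src']}")
```

With the sample input this yields one alert for 192.0.2.10 at the fifth failure; with `window_seconds=10` the early failures expire and no alert fires, which is the behaviour a stateless per-line filter cannot reproduce.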
