Hi list,

During the month of May I went to AusCERT and Confidence to talk about OSSEC (i.e. Log analysis using OSSEC). In both presentations I mentioned LIDS (Log-Based intrusion detection), and provided an overview of the ossec architecture and how to write decoders and rules. If you want to learn a bit more about ossec, take a look at them.

**Note that both presentations are very similar, but the AusCERT one is a bit more organized, so it is recommended to be read first.

AusCERT: http://www.ossec.net/ossec-docs/auscert-2007-dcid.pdf
Confidence: http://www.ossec.net/ossec-docs/conf2007-dcid.pdf

Hope you enjoy!

Taken from the ossec blog: http://www.ossec.net/dcid/?p=83

Thanks,

--
Daniel B. Cid, dcid at ossec.net
http://www.ossec.net
