Great slides, thanks. It is mentioned in the slides that OSSEC isn't a log management tool and does not store every single log. While I agree that isn't the main use of the application, it can be configured to store every log in the archives directory using the logall option. Not pretty, but the data is there if you need it...
At 05:49 PM 6/2/2007, you wrote:
> Hi list,
>
> During the month of May I went to AusCERT and Confidence to talk about
> OSSEC (i.e. log analysis using OSSEC). In both presentations I mentioned
> LIDS (log-based intrusion detection), and provided an overview of the OSSEC
> architecture and how to write decoders and rules. If you want to learn
> a bit more about OSSEC, take a look at them.
>
> **Note that both presentations are very similar, but the AusCERT one
> is a bit more organized, so it is recommended to be read first.
>
> AusCERT:
> http://www.ossec.net/ossec-docs/auscert-2007-dcid.pdf
>
> Confidence:
> http://www.ossec.net/ossec-docs/conf2007-dcid.pdf
>
> Hope you enjoy!
>
>
> Taken from the OSSEC blog:
> http://www.ossec.net/dcid/?p=83
>
>
> Thanks,
>
> --
> Daniel B. Cid, dcid at ossec.net
> http://www.ossec.net
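To make the logall point from the reply above concrete, this is the ossec.conf fragment that turns it on. It is an added example for this page, not code posted by either author and not OSSEC's shipped default configuration; the `/var/ossec` paths and the archives layout are the OSSEC defaults as I know them, and the comments are mine.

```xml
<!-- /var/ossec/etc/ossec.conf (fragment). Added example, not from the thread. -->
<ossec_config>
  <global>
    <!-- Default is "no": only events that match a rule are written to
         /var/ossec/logs/alerts/alerts.log. With "yes", every log line that
         reaches ossec-analysisd is also appended verbatim to
         /var/ossec/logs/archives/archives.log and to the dated copy under
         /var/ossec/logs/archives/YYYY/Mon/ossec-archive-DD.log, whether or
         not any rule fired. -->
    <logall>yes</logall>
  </global>
</ossec_config>
```

Two practical caveats when you rely on this as a fallback for retention: the archives grow at the full ingest rate of every agent, so budget disk and rotation for them as you would for a syslog server; and only logs that actually reach the analysis daemon are stored, so anything dropped before that point (a misconfigured `<localfile>`, a down agent, a full queue) will be missing from the archives too. Restart the OSSEC processes after changing the option for it to take effect.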
