I'm sort of biased, but you also could feed OSSEC events into OSSIM: http://www.ossim.net/ || http://www.alienvault.com/home.php?id=download. Grab the installer and enable the plugins; the upcoming installer will have OSSEC 2.0 built in too.

Greetings,
Dominique

2009/3/5 Bruce Martins <[email protected]>

> There is a short write up located below
>
> http://www.ossec.net/wiki/index.php/OSSEC_%26_Splunk
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of John Lewis
> Sent: Wednesday, March 04, 2009 5:34 AM
> To: [email protected]
> Subject: [ossec-list] Re: Ossec UI - Any Updates?
>
> I for one would love a write up on integrating OSSEC with Splunk in the
> wiki. I think Splunk is great.
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of cnk
> Sent: Tuesday, March 03, 2009 4:55 PM
> To: [email protected]
> Subject: [ossec-list] Re: Ossec UI - Any Updates?
>
> Hey Derek,
>
> Another alternative would be to use the Splunk for OSSEC application.
>
> http://www.splunkbase.com/apps/All/Security/app:Splunk+for+OSSEC
>
> Just grab the free license version of Splunk, install this app, and
> point your syslog output to your Splunk server. BAM! Instant wui 0.4.
>
> Do we really need another wui? I know I suffer from wui island
> overload . . . leveraging Splunk lets you have an advanced web
> interface that can easily be customized for your environment. Not to
> mention the fact that you can now have all your security apps report
> to a single interface. In my environment this makes incident analysis
> much easier.
>
> Please let us know if you think of other useful features for the
> Splunk for OSSEC app.
>
> Oh and I'll try to add a detailed write-up on this solution in the wiki.
>
> cheers,
>
> cnk
>
> On Tue, Mar 3, 2009 at 9:46 AM, Partha Panda <[email protected]> wrote:
> > Hi Derek
> > UI is one area we are looking at for the 2.1 release among others. Any
> > volunteers to help out with refining the UI - let me know? We can really
> > use some help in this area.
> >
> > Thanks
> > Partha
> >
> > ----- Original Message -----
> > From: [email protected] <[email protected]>
> > To: [email protected] <[email protected]>
> > Sent: Tue Mar 03 08:06:55 2009
> > Subject: [ossec-list] Ossec UI - Any Updates?
> >
> > Any updates to the UI coming down the pipe. Been about a year since 0.3 was
> > put out. Just curious!
