There is a good book on OSSEC that goes into detail on these topics:
http://www.amazon.com/OSSEC-Host-Based-Intrusion-Detection-Guide/dp/159749240X/ref=sr_1_1?ie=UTF8&s=books&qid=1262616141&sr=1-1
I suggest this as a jumping off point.
Bernard Golden
Chief Executive Officer, HyperStratus
www.hyperstratus.com
Author, "Virtualization for Dummies," Dummies Press, 2007
(T) 650 585 5309 (C) 650 400 3204 (F) 650 591 3805
Follow me on twitter: bernardgolden
On Jan 4, 2010, at 4:10 AM, karan wrote:
Dear Dave,
Thank you very much for your reply. I fully read the
OSSEC articles, whatever you mention.
Again I face the problem: how to create a new rule for our environment.
OSSEC output log size is very high, and every second we receive more
logs.
My request is how to separate logs like user name, date, time, category,
Windows security, description, etc. for report purposes.
Awaiting your favorable reply.
With regards,
Kirubakaran.K
India
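Karan's second question above, splitting each alert into fields such as user, date, time, category and description for reporting, is what the following added example does. It is not code from this thread or from the OSSEC project: it parses the multi-line alerts.log layout OSSEC writes (a "** Alert" header with the rule groups, a date/agent/location line, a "Rule:" line, optional "Src IP:" and "User:" lines, then the raw log) into one record per alert, flattens the records to CSV rows and counts alerts by rule, user, source IP and agent. The alert text embedded in it is constructed sample data, and the column list and function names are my own choices.

```python
"""Split OSSEC alerts.log into fields and summarise them for a report.

Added example (not from the thread or the OSSEC project). Assumes the
classic alerts.log layout: '** Alert' header, date/agent/location line,
'Rule:' line, optional 'Src IP:'/'User:' lines, then the raw log, with
blank lines between alerts. The sample alerts are constructed, not real.
"""
import csv
import re
import sys
from collections import Counter

SAMPLE_ALERTS = """\
** Alert 1262616141.12345: - syslog,sshd,authentication_failed,
2010 Jan 04 04:10:22 (agent01) 192.168.1.10->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 10.0.0.5
User: root
Jan  4 04:10:21 agent01 sshd[1234]: Failed password for root from 10.0.0.5 port 51234 ssh2

** Alert 1262616150.12400: - windows,authentication_success,
2010 Jan 04 04:10:31 (WINHOST) 10.0.0.7->WinEvtLog
Rule: 18107 (level 3) -> 'Windows Logon Success.'
User: kirubakaran
WinEvtLog: Security: AUDIT_SUCCESS(4624): Microsoft-Windows-Security-Auditing: kirubakaran: EXAMPLE: WINHOST: An account was successfully logged on.

** Alert 1262616160.12480: - syslog,sshd,authentication_failed,
2010 Jan 04 04:10:41 (agent01) 192.168.1.10->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 10.0.0.5
User: admin
Jan  4 04:10:40 agent01 sshd[1240]: Failed password for admin from 10.0.0.5 port 51300 ssh2
"""

# '** Alert <epoch>.<seq>: [mail] - <group>,<group>,...'
HEADER_RE = re.compile(r"^\*\* Alert (?P<epoch>\d+)\.(?P<seq>\d+): (?:mail )?- (?P<groups>.*)$")
# '<date> <time> (<agent>) <agent_ip>-><location>' or '<date> <time> <host>-><location>'
WHERE_RE = re.compile(
    r"^(?P<date>\d{4} \w{3} \d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?:\((?P<agent>[^)]+)\) (?P<agent_ip>\S+?)->|(?P<host>\S+?)->)(?P<location>.*)$"
)
# "Rule: <id> (level <n>) -> '<description>'"
RULE_RE = re.compile(r"^Rule: (?P<rule_id>\d+) \(level (?P<level>\d+)\) -> '(?P<description>.*)'$")
REPORT_COLUMNS = ["date", "time", "agent", "location", "rule_id", "level",
                  "groups", "user", "src_ip", "description"]


def parse_alerts(text):
    """Return one dict per alert block; blocks that do not parse are skipped."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        if len(lines) < 3:
            continue
        head, where, rule = (HEADER_RE.match(lines[0]), WHERE_RE.match(lines[1]),
                             RULE_RE.match(lines[2]))
        if not (head and where and rule):
            continue
        rec = {"epoch": int(head.group("epoch")),
               "groups": [g for g in head.group("groups").split(",") if g],
               "rule_id": int(rule.group("rule_id")), "level": int(rule.group("level")),
               "description": rule.group("description"),
               "src_ip": None, "user": None, "log": []}
        rec.update(where.groupdict())
        # 'Src IP:'/'User:' lines precede the raw log; after the first raw
        # log line, everything is log (a log line could itself start 'User:').
        in_fields = True
        for line in lines[3:]:
            if in_fields and line.startswith("Src IP: "):
                rec["src_ip"] = line[len("Src IP: "):]
            elif in_fields and line.startswith("User: "):
                rec["user"] = line[len("User: "):]
            else:
                in_fields = False
                rec["log"].append(line)
        records.append(rec)
    return records


def summarize(records):
    """Counts a report page wants: by rule, by user, by source IP, by agent."""
    return {"by_rule": Counter((r["rule_id"], r["description"]) for r in records),
            "by_user": Counter(r["user"] for r in records if r["user"]),
            "by_src_ip": Counter(r["src_ip"] for r in records if r["src_ip"]),
            "by_agent": Counter(r["agent"] or r["host"] for r in records)}


def report_rows(records):
    """Flatten records into CSV rows in REPORT_COLUMNS order (None -> '')."""
    rows = []
    for r in records:
        flat = dict(r, agent=r["agent"] or r["host"], groups="|".join(r["groups"]))
        rows.append(["" if flat[c] is None else flat[c] for c in REPORT_COLUMNS])
    return rows


if __name__ == "__main__":
    recs = parse_alerts(SAMPLE_ALERTS)
    writer = csv.writer(sys.stdout)
    writer.writerow(REPORT_COLUMNS)
    writer.writerows(report_rows(recs))
    for name, counter in summarize(recs).items():
        print(f"# {name}: {dict(counter)}")
```

Run it against a real alerts.log by replacing SAMPLE_ALERTS with the file contents; the "groups" column carries the rule groups (the "category" Karan asks about), and Windows events show up with the location "WinEvtLog" and the "windows" group. The first question, writing rules, is separate from this: OSSEC reads custom rules from its local_rules.xml, and the fields extracted here are the ones an alert from any rule already carries.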
On Jan 1, 8:17 pm, Dave S <[email protected]> wrote:
Karan,
This discussion group isn't for teaching.
If you have a specific problem or issue, then bring it here, but first
you have to try finding your own answers.
There's lots of documentation you can check out to find your answers.
There's the OSSEC Manual at http://www.ossec.net/main/manual/
And the FAQ is a great place to get started
http://www.ossec.net/main/manual/manual-faq/
The OSSEC Wiki has articles on specific problems: http://www.ossec.net/wiki/OSSEC
And there's a real good book on OSSEC available on Amazon.com: http://www.amazon.com/OSSEC-Host-Based-Intrusion-Detection-Guide/dp/1
...
Start reading!
-Dave
On Dec 31 2009, 6:09 am, karan <[email protected]> wrote:
Dear Sir,
I have newly installed OSSEC in our organization. I don't
know how to create rules for our environment. Please kindly help
me with basic knowledge of OSSEC tools.
Awaiting your reply.
With warm regards,
Kirubakaran.K