On 10/18/2010 08:35 AM, Michael Starks wrote:
> This is the day we get to recount our experiences of how OSSEC has saved
> the day, or just saved us some scratch. People coming by later on who
> read these will get a sense for OSSEC and if it can work in their
> environment. What say you?
Last year at this time I was running Osiris and depending on Logwatch for most of my log analysis. Osiris is a solid product, but, unfortunately, it hasn't been updated in some time. Likewise, Logwatch is also a solid product, but depending on it for complete log analysis is cumbersome, at best. And finally, fail2ban was being used to detect various attacks and block them. Fail2ban is still a pretty decent product and I heartily recommend it if OSSEC is too much for your needs.

OSSEC helped to solve both of these problems and even added additional features that I have found to be incredibly useful. Now I can centrally manage all of my machines, ensure integrity via hashing, and respond to a wide array of events. The flexibility of OSSEC allows me to trigger on virtually any event and respond with whatever I can express in a script. As I learn more about OSSEC, I'm sure I'll unlock even more capability that I'm not even aware of yet. This is becoming one of the more powerful tools in my security belt and I'm excited to see what comes next.

-- 
---------------------------
Jason 'XenoPhage' Frisvold
[email protected]
---------------------------
"Any sufficiently advanced magic is indistinguishable from technology."
- Niven's Inverse of Clarke's Third Law
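The "respond with whatever I can express in a script" point above refers to OSSEC active response, where the server or agent hands an alert to a script of your choosing. The following is an added example written for this page, not code from the original post or from the OSSEC project. It assumes the calling convention used by the stock firewall-drop.sh that ships with OSSEC (script <action> <user> <srcip> <alertid> <ruleid>, with action "add" or "delete"); the iptables chain, the AR_DRY_RUN switch and the logging destination are illustrative choices. The check a practitioner should not skip is the one on the source address: it is extracted from a log line the attacker partly controls, so it is validated before it is ever placed in a shell command.

```shell
#!/bin/sh
# Added example: a minimal OSSEC active-response script (not the project's own).
# Assumed invocation (matches OSSEC's stock firewall-drop.sh):
#   script <action> <user> <srcip> <alertid> <ruleid>
# Set AR_DRY_RUN=1 to log the command instead of executing it (illustrative switch).

log() {
    # Stock OSSEC scripts append to active-responses.log; stderr is used here
    # so the example runs anywhere without a writable OSSEC tree.
    echo "$(date '+%Y-%m-%d %H:%M:%S') active-response: $*" >&2
}

# Accept only a well-formed dotted-quad IPv4 address. Anything else (shell
# metacharacters, hostnames, IPv6) is refused so a crafted log line cannot
# inject into the firewall command below.
valid_ipv4() {
    ip=$1
    case "$ip" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, non-digit/dot, leading/trailing/double dot
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip                                 # split into octets (positional params are local here)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Map the OSSEC action to the firewall command; "add" on the alert, "delete"
# when the configured timeout expires. Printed rather than run so it can be
# inspected (and tested) without touching the host firewall.
ar_command() {
    action=$1; ip=$2
    case "$action" in
        add)    echo "iptables -I INPUT -s $ip -j DROP" ;;
        delete) echo "iptables -D INPUT -s $ip -j DROP" ;;
        *)      return 1 ;;
    esac
}

# Entry point: validate, build, then execute (or dry-run). Returns
# 0 on success, 2 on a malformed address, 3 on an unknown action.
ar_main() {
    action=$1; user=$2; ip=$3; alertid=$4; ruleid=$5
    log "action=$action user=$user srcip=$ip alert=$alertid rule=$ruleid"
    if ! valid_ipv4 "$ip"; then
        log "refusing to act on malformed source address '$ip'"
        return 2
    fi
    cmd=$(ar_command "$action" "$ip") || { log "unknown action '$action'"; return 3; }
    if [ "${AR_DRY_RUN:-0}" = 1 ]; then
        log "dry-run: $cmd"
    else
        $cmd                                   # word-split deliberately; ip was validated above
    fi
}

# Run only when OSSEC (or a human) actually passes arguments.
[ $# -gt 0 ] && ar_main "$@"
```

Installed under active-response/bin/ and wired up with a <command> and <active-response> block in ossec.conf (the usual OSSEC mechanism; the rule ids and timeout are site-specific), the same skeleton can drive any other reaction, such as disabling an account or paging someone, by swapping the body of ar_command.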
