I will share my own story as well...

Many years ago (around 2002/2003), I had to manage hundreds of Linux/Solaris servers and one of the requirements was file integrity checking / log analysis on all of them. None of the solutions at the time allowed me to do that from a centralized location, so I decided to jump in and do it myself.
The initial versions were all written in Perl and had the same concept that we see in OSSEC now: small agents pushing events to a centralized manager for alerting and monitoring. Later on I decided to rewrite it in C and released it as open source. The project was initially named osaudit and you can still catch the old page on sourceforge: http://osaudit.sourceforge.net/

After a few versions I changed the name from osaudit to just ossec hids and released its first version in 2005 ( http://marc.info/?l=loganalysis&m=112131235829527&w=2 )

Leaving the story aside, OSSEC has helped on multiple projects, giving me visibility and actionable data that would be very hard to get otherwise. Plus, the amount of stuff I have learned from the OSSEC community is one of the things I value the most (mailing list discussions, IRC, patches, etc).

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net

On Mon, Oct 18, 2010 at 12:45 PM, Derek Morris <[email protected]> wrote:
> I started using Ossec around version 1.4 several years ago. At that time my
> present employer had nothing for HID or event monitoring. Being a
> non-profit, money was tight, so I started out by building a
> Nagios/Ossec/MRTG Network Monitoring Server. The fact that Ossec was open
> source and free allowed me to really get into it as there were no
> costs to hold me back. The environment is mainly Windows on the server side and
> Cisco on the network side. From the moment Ossec/Nagios started up, my
> department went from being reactive to proactive in all areas; this
> immediately turned into HAPPY END USERS!!! Numerous issues were detected
> right away and fixed; in the past the issue would occur, then my team would
> have to poke around to find out where it was originating from and address
> the issue.
>
> Outside of work, I have been able to do "security consultation" based off my
> experience with Ossec. It has allowed me to help other IT departments deploy
> their own very inexpensive, very flexible "Monitoring Device" (Nagios and
> Ossec). It has given control back to IT staff. There are lots of commercial
> big dollar devices that some IT budgets just cannot afford; Ossec has helped
> out tremendously in my travels.
>
> Hope I have shared a story that others can relate to!!
>
> -- Derek
