One more I forgot to mention:

- It would be great to see OSSEC backing up *all* conf files, rules, decoder.xml, and anything else that a user may have modified when performing an upgrade. I've *easily* forgotten to back up these individual files more than once and it would save a lot of frustration to have a flag and script to do this in install.sh

On Wed, Oct 20, 2010 at 10:21 AM, Jeremy Lee <[email protected]> wrote:

> - I know this has been covered, but more flexibility in *where* OSSEC can
> store logs. I understand that it's *locked* down/chrooted to its own
> directory, etc. But would be great to give more flexibility and options for
> logging.
>
> - Continued development and improvements to the OSSEC WUI! Or further
> cooperation with OSSIM integration, etc. Having a tried and true front-end
> UI (for analysis, agent management, configuration, alerting, etc) would be
> so helpful!
>
> - Further flexibility/ability to push ossec.conf file to agents. I know
> this has already been talked about, but I really feel it would be useful.
> Practical example: the default ossec.conf runs syscheck every 72900 seconds.
> To change this you have to go onto every box w/ OSSEC and modify it. Now, I
> understand it's good to have a mass deployment tool and that it's best
> practice, but in my experience there are a lot of companies that don't
> follow "best practices" - should they simply not use OSSEC because of this?
> On top of that, in my opinion, the ossec.conf is strictly related to and in
> scope of OSSEC. And since OSSEC can push an agent.conf, I think it should
> have the ability to push the ossec.conf as well. Either that or we should
> have the option to 'disable' the local ossec.conf and let the agent.conf
> override it.
>
> On Wed, Oct 20, 2010 at 9:55 AM, cristian paul peñaranda rojas <
> [email protected]> wrote:
>
>> Lack of a good command line search tool to look through alert log archives
>> (imagine doing that after 12 months of operation !!)
>>
>> Graphs, all people like them, we have text reports, but what about
>> csv-like reports that later can be visualized using a chart?
>>
>> It's not a pain, but a wizard-like interface for making decoders, maybe
>> something like txt2regex for ossec, would really help newbies
>>
>> (Maybe I'm not updated on this one) But better power in how to
>> define when to run remote commands and integrity checks, I meant customer
>> what control that ossec do all time in a schedule-like way, not the
>> simple intervals
>>
>> regards :)
