- I know this has been covered, but more flexibility in *where* OSSEC can store logs. I understand that it's *locked* down/chrooted to its own directory, etc. But would be great to give more flexibility and options for logging.
- Continued development and improvements to the OSSEC WUI! Or further cooperation with OSSIM integration, etc. Having a tried and true front-end UI (for analysis, agent management, configuration, alerting, etc.) would be so helpful!
- Further flexibility/ability to push the ossec.conf file to agents. I know this has already been talked about, but I really feel it would be useful. Practical example: the default ossec.conf runs syscheck every 72900 seconds. To change this you have to go onto every box w/ OSSEC and modify it. Now, I understand it's good to have a mass deployment tool and that it's best practice, but in my experience there are a lot of companies that don't follow "best practices" - should they simply not use OSSEC because of this? On top of that, in my opinion, the ossec.conf is strictly related to and in scope of OSSEC. And since OSSEC can push an agent.conf, I think it should have the ability to push the ossec.conf as well. Either that or we should have the option to 'disable' the local ossec.conf and let the agent.conf override it.

On Wed, Oct 20, 2010 at 9:55 AM, cristian paul peñaranda rojas <[email protected]> wrote:

> Lack of a good command line search tool to look through alert log archives
> (imagine doing that after 12 months of operation!!)
>
> Graphs, all people like them, we have text reports, but what about csv-like
> reports that later can be visualized using a chart?
>
> It is not a pain, but a wizard-like interface for making decoders, maybe something
> like txt2regex for ossec, would really help newbies
>
> (Maybe I'm not updated on this one) But better power in how to define
> when to run remote commands and integrity checks, I meant customer
> what control that ossec do all time in a like-schedule way, not the simple
> intervals
>
> regards :)
