On 07/10/2011 03:18 PM, brian wrote: > Is it possible to use OSSEC to evaluate the log files from a server I > don't have root access to? I'm helping a friend with a web site that > was hacked and I'm trying to use OSSEC to find where the hacker got > in. My hope is to download the logs and give them to OSSEC. I'm > running vista and have centos running in vmware.
You can use ossec-logtest manually against your log files, I think you should read the following article: http://dcid.me/2010/01/using-ossec-for-the-forensic-analysis-of-log-files/ I hope this can help you. > > I found the post 'Installation and use without root access' but I can > edit the etc dir. -- Compugraf
