Thanks for your reply. We do not intend to use OSSEC for checking core 
failures like hardware, drive failures, etc., but especially to use it for 
operating system integrity checks and alerts for any malicious activities. 
From what you mentioned, it looks like I need to add specific rules to enable 
such alerts. I will take a look at the rules, syntax, etc. to get this 
running on our systems. Please let me know if you have any pointers.

Thanks again.  

On Monday, August 12, 2013 9:38:18 PM UTC+5:30, David Blanton wrote:
>
> Your alerting system is something only you and your management team can 
> decide on. If you wish to get an e-mail/text on all of the above, go for it.
>
> Our team took a more minimalist approach, only getting alerts on critical 
> errors: hardware failure, attacks, malware, critical logs to our production 
> network, et al., so we can take immediate action.
>
> Everything below alert level 2 does not get logged because of the 
> 'Unknown problem in the system' rule (very helpful). Root su, opened 
> sessions, closed sessions, and successful SSH logins do not get fired in 
> our deployment because they are redundant and make parsing through the 
> logs more tedious. 
>
> If you could give us an idea of what your network does, we could give you 
> a better idea of what you could have OSSEC look for. If it's a general 
> network at work, I would look into monitoring disk space, firewalls, 
> malware, and unsuccessful sudos to su/root sessions. You will notice that 
> there are tens of thousands of rules in OSSEC that can be used to fire an 
> alert, and it has the capability to do so much.
>
>

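A concrete form of the minimalist setup David describes, added here as an example rather than anything from the thread or from the OSSEC project itself: local overrides silence the redundant session/SSH events and escalate failed sudo attempts above the e-mail threshold. The stock rule IDs (5715, 5501, 5502, 5401) are assumed from the default ruleset and should be checked against the rules/ directory of the installed version.

```xml
<!-- rules/local_rules.xml: site overrides, loaded after the stock rules -->
<group name="local,syslog,">

  <!-- Silence what the thread calls redundant: successful SSH logins
       (stock rule 5715) and PAM session open/close (5501, 5502).
       A child rule at level 0 becomes the matched rule, so no alert fires. -->
  <rule id="100001" level="0">
    <if_sid>5715,5501,5502</if_sid>
    <description>Successful SSH login / session open-close: suppressed locally</description>
  </rule>

  <!-- Raise failed sudo attempts (stock rule 5401, normally a low level)
       above the e-mail threshold so the team is paged, not just logged. -->
  <rule id="100002" level="10">
    <if_sid>5401</if_sid>
    <description>Failed sudo attempt: escalate for immediate action</description>
  </rule>

</group>

<!-- ossec.conf excerpt: matching thresholds. Level 2 keeps the low-value
     noise out of alerts.log; level 10 means only the escalated events
     (and stock rules already at 10+) generate e-mail. -->
<ossec_config>
  <alerts>
    <log_alert_level>2</log_alert_level>
    <email_alert_level>10</email_alert_level>
  </alerts>
</ossec_config>
```

After editing, run `ossec-logtest` with a sample sshd "Accepted password" line and a "sudo: ... incorrect password attempt" line to confirm the first matches rule 100001 at level 0 and the second matches 100002 at level 10.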