Educause Security Discussion mailing list archives

Re: Administering OSSEC


From: "Bradley, Stephen W. Mr." <bradlesw () MUOHIO EDU>
Date: Tue, 16 Feb 2010 16:14:03 -0500

I set it up so that I get the real-time alerts.  I don't know if it can send a report or not.

I have it tuned so that we get about 10 alerts per day.

steve

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Chris Green
Sent: Tuesday, February 16, 2010 4:11 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Administering OSSEC

Excuse the really dumb OSSEC question but does it get to the point where it sends you email reports rather than 
individual alerts? We end up with a process where our "auditable" email reports go to a resource account mailbox where 
the tasked individual has to reply so we can prove that they are reviewed on a timely basis.  I ended up using a very 
customized epylog to accomplish this but wouldn't mind looking at OSSEC again as at times I would like the real-time 
alerts.

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Bradley, Stephen W. Mr.
Sent: Tuesday, February 16, 2010 1:58 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Administering OSSEC

We put OSSEC on our PCI servers (Linux and Windows) and have the management end of it running on one of our Syslog 
servers.
