Educause Security Discussion mailing list archives
Re: Administering OSSEC
From: Kevin Wilcox <wilcoxkm () APPSTATE EDU>
Date: Tue, 16 Feb 2010 14:17:23 -0500
On 16 February 2010 14:08, Eric C. Lukens <eric.lukens () uni edu> wrote:
We have a few questions:
1) Has anyone purchased support for OSSEC, like from Trend Micro? If so, do you feel the added "perks" and the support were worth the cost?
2) Roughly how many man-hours of work did it take to get the alerts in OSSEC "tuned" properly in your network?
3) Roughly how many man-hours does it take to look through the logs each day?
I'm interested in this as well. I use OSSEC strictly within our department for FIM on our campus DNS and networking-specific development servers (postgresql, apache, svn servers), all running FreeBSD, and I'm curious if anyone has done an Enterprise-wide rollout, what issues they faced, the hardware they used on the server, etc.

kmw

--
Kevin Wilcox
Network Infrastructure and Control Systems
Appalachian State University
Email: wilcoxkm () appstate edu
Office: 828.262.6259