Educause Security Discussion mailing list archives

Re: Administering OSSEC


From: Kevin Wilcox <wilcoxkm () APPSTATE EDU>
Date: Tue, 16 Feb 2010 14:17:23 -0500

On 16 February 2010 14:08, Eric C. Lukens <eric.lukens () uni edu> wrote:

> We have a few questions:
>
> 1) Has anyone purchased support for OSSEC, like from Trend Micro? If so,
> do you feel the added "perks" and the support were worth the cost?
>
> 2) Roughly how many man-hours of work did it take to get the alerts in
> OSSEC "tuned" properly in your network?
>
> 3) Roughly how many man-hours does it take to look through the logs each
> day?

I'm interested in this as well. I use OSSEC strictly within our
department for FIM on our campus DNS and networking-specific
development servers (postgresql, apache, svn servers), all running
FreeBSD, and I'm curious if anyone has done an Enterprise-wide
rollout, what issues they faced, the hardware they used on the server,
etc.

kmw

--
Kevin Wilcox
Network Infrastructure and Control Systems
Appalachian State University
Email: wilcoxkm () appstate edu
Office: 828.262.6259
