Educause Security Discussion mailing list archives
Re: Administering OSSEC
From: "Bradley, Stephen W. Mr." <bradlesw () MUOHIO EDU>
Date: Tue, 16 Feb 2010 16:14:03 -0500
I set it up so that I get the real-time alerts. I don't know if it can send a report or not. I have it tuned so that we get about 10 alerts per day.

steve

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Chris Green
Sent: Tuesday, February 16, 2010 4:11 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Administering OSSEC

Excuse the really dumb OSSEC question but does it get to the point where it sends you email reports rather than individual alerts? We end up with a process where our "auditable" email reports go to a resource account mailbox where the tasked individual has to reply so we can prove that they are reviewed on a timely basis. I ended up using a very customized epylog to accomplish this but wouldn't mind looking at OSSEC again as at times I would like the real-time alerts.

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Bradley, Stephen W. Mr.
Sent: Tuesday, February 16, 2010 1:58 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Administering OSSEC

We put OSSEC on our PCI servers (Linux and Windows) and have the management end of it running on one of our Syslog servers.