Educause Security Discussion mailing list archives
Re: Administering OSSEC
From: Will Froning <will.froning () GMAIL COM>
Date: Wed, 17 Feb 2010 09:22:27 +0400
Hello Eric, On Tue, Feb 16, 2010 at 11:08 PM, Eric C. Lukens <eric.lukens () uni edu> wrote:
1) Has anyone purchased support for OSSEC, like from Trend Micro? If so, do you feel the added "perks" and the support were worth the cost?
We just use the free version.
2) Roughly how many man-hours of work did it take to get the alerts in OSSEC "tuned" properly in your network?
Depends on how many machines you are looking to monitor and what you want to know about. We monitor about 70, including our domain controllers. I've also made ours a bit more chatty for some things (logon/off, sudo, etc.) for certain servers. On the flip side, we don't have PCI as a concern here. We use it just to keep an eye on our environment.
3) Roughly how many man-hours does it take to look through the logs each day?
It can take up to 2 hours if it was a patch day. Normally about 15 minutes.

Thanks,
Will

--
Will Froning
Unix SysAdmin
Will.Froning () GMail com
MSN: wfroning () angui sh
YIM: will_froning
AIM: willfroning
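The "more chatty for logon/off and sudo on certain servers" tuning Will describes is done in OSSEC by adding child rules to /var/ossec/rules/local_rules.xml. The block below is an added example, not Will's configuration and not part of OSSEC's shipped rule set: the rule IDs 5402 (successful sudo to root), 5501/5502 (PAM session opened/closed) and 5715 (sshd authentication success) are the stock OSSEC rules, but the local rule IDs, the "dc" hostname prefix for the domain controllers and the "backup" service account are assumptions chosen for illustration.

```xml
<!-- local_rules.xml: added example, not Will's configuration.
     Assumptions: local rule IDs 100010-100030 are unused, agent names
     for the domain controllers start with "dc", and a cron-driven
     "backup" account logs in over SSH every night. -->
<group name="local,">

  <!-- Make sudo-to-root on the domain controllers "chatty". The stock
       rule 5402 fires at level 3, below the default email_alert_level
       of 7 in ossec.conf, so this child raises the level and forces an
       email regardless of the threshold. -->
  <rule id="100010" level="10">
    <if_sid>5402</if_sid>
    <hostname>^dc</hostname>
    <options>alert_by_email</options>
    <description>sudo to root on a domain controller</description>
  </rule>

  <!-- Logon/logoff: PAM session open/close (5501/5502) on the same
       hosts, raised above the email threshold without alert_by_email
       so the normal grouping/delay of email still applies. -->
  <rule id="100020" level="8">
    <if_sid>5501,5502</if_sid>
    <hostname>^dc</hostname>
    <description>Interactive session opened/closed on a domain controller</description>
  </rule>

  <!-- The flip side of tuning: silence a known-noisy source. The nightly
       backup job's SSH key login (stock rule 5715) is expected; level 0
       keeps it out of alerts.log entirely. -->
  <rule id="100030" level="0">
    <if_sid>5715</if_sid>
    <match>Accepted publickey for backup</match>
    <description>Scheduled backup account login, not alertable</description>
  </rule>

</group>
```

Before restarting OSSEC, feed a real line from each source through /var/ossec/bin/ossec-logtest (it prints the decoder output and the rule that finally matched, with its level), so you can confirm that a sudo line from a "dc" host lands on 100010 while the same line from another host still stops at 5402. Remember that alert_by_email only has an effect when email notification is enabled in ossec.conf.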
Current thread:
- Administering OSSEC Eric C. Lukens (Feb 16)
- <Possible follow-ups>
- Re: Administering OSSEC Kevin Wilcox (Feb 16)
- Re: Administering OSSEC Bradley, Stephen W. Mr. (Feb 16)
- Re: Administering OSSEC Chris Green (Feb 16)
- Re: Administering OSSEC Bradley, Stephen W. Mr. (Feb 16)
- Re: Administering OSSEC Will Froning (Feb 16)