First time here at techr, just to reply to this post. I had the same issue with the rules being too sensitive, but after working with the developers (at #ossec on freenode), I got my rules pretty much tuned down to a point where I only get a few e-mails per day with interesting alerts.

I would recommend these two links for more information on how to tune your rules:

http://www.ossec.net/wiki/index.php/FAQ
http://www.ossec.net/ossec-docs/auscert-2007-dcid.pdf
snort?
Justin Fielding 15th Jul 2007
Do you also run snort on your servers with OSSEC scanning the logs?