Search found 6 matches

by raskolnikov88
Tue Feb 23, 2021 8:07 pm
Forum: OSSEC
Topic: Where are the docs or support forum for ossec+?
Replies: 3
Views: 42408

Where are the docs or support forum for ossec+?

After a couple days of trial and error I've learned a few things about ossec+, but there seems to be a lack of documentation. All of the documentation turns out to be for ossec, and I can find nothing about configuring the elk stack.

Is there an ossec+ support forum I missed somehow?

by raskolnikov88
Tue Feb 23, 2021 2:38 pm
Forum: OSSEC
Topic: oum install kofe: "no match"
Replies: 6
Views: 11122

Re: oum install kofe: "no match"

Apparently the elk stack is not supported on Debian either -

root@dbosp:~# oum install kofe
Installing Package: kofe
/usr/sbin/oum: line 434: yum: command not found
ERROR: There was a problem installing kofe!
root@dbosp:~#

I'd be happy to beta test code for Debian, or for RHEL 8. After all, the sole...

by raskolnikov88
Tue Feb 23, 2021 1:05 am
Forum: OSSEC
Topic: oum install kofe: "no match"
Replies: 6
Views: 11122

Re: oum install kofe: "no match"

Since nobody was able to answer, I tested a hunch and installed kofe on centos 7, with no problems.

So, kofe is not available for rhel/centos 8, which has been out since 2019.

Any idea when the elk stack will be available for rhel/centos 8?

Thanks for any roadmap hints you can drop.

by raskolnikov88
Mon Feb 22, 2021 2:45 pm
Forum: OSSEC
Topic: oum install kofe: "no match"
Replies: 6
Views: 11122

oum install kofe: "no match"

I'd been running ossec for some time and found it to be reliable and useful. I then learned about ossec+ and wanted to upgrade the capabilities, with an eye to bringing it to the workplace. I followed the install docs for ossec+ and downloaded ossec+, which started and ran successfully. But the next...

by raskolnikov88
Mon Dec 21, 2020 12:14 pm
Forum: OSSEC
Topic: email_alert_level setting ignored
Replies: 2
Views: 7678

Re: email_alert_level setting ignored

Good morning!

<log_alert_level>1</log_alert_level>

The value entered here will allow alerts from any events level 1 or higher. If you only want level 7 or higher, you would set

<log_alert_level>7</log_alert_level>

https://www.ossec.net/docs/docs/syntax/head_ossec_config.alerts.html?highlight=log_al...

by raskolnikov88
Sat Dec 19, 2020 1:26 pm
Forum: OSSEC
Topic: email_alert_level setting ignored
Replies: 2
Views: 7678

email_alert_level setting ignored

New install of ossec server on Debian 10, clients on Debian and Centos hosts

Contents of /etc/ossec-init.conf

DIRECTORY="/var/ossec"
VERSION="v3.6.0"
DATE="Mon Sep 14 18:34:57 UTC 2020"
TYPE="server"

I set the alerts thusly, and restarted ossec:

# grep alert o...