How to analyze/monitor OSSEC on Ubuntu

ThePoky
New Forum User
Posts: 1
Joined: Tue Apr 26, 2022 3:00 pm


I'm using the OSSEC server (free version) to monitor machines with OSSEC agents, which monitor login via SSH, file creation, etc.

I have configured OSSEC to send an email when it detects a problem, but this control/monitoring mode is very bad for data control and search.

How can I analyze/monitor OSSEC, like with a dashboard, for all log occurrences? Analyze by type of threat, date of occurrence, etc.
cponton
Atomicorp Staff - Site Admin
Posts: 47
Joined: Fri Oct 09, 2020 9:41 am

Re: How to analyze/monitor OSSEC on Ubuntu


If you are looking for a dashboard option, you can use Atomic OSSEC:

https://atomicorp.com/atomic-enterprise-ossec/

Or, you can set up and install Elastic with OSSEC: https://www.ossec.net/docs/cookbooks/re ... stack.html

Also, if you are looking for more options for output, please see:

https://www.ossec.net/docs/docs/manual/output/index.html