Installing Ossec+

Support/Development for OSSEC
maindriver
New Forum User
New Forum User
Posts: 2
Joined: Thu Apr 01, 2021 4:06 am

Installing Ossec+

Unread post by maindriver »

Hi,

Found loads of guides to install this, none seem to work :/

I'm very familiar with installing/managing Ubuntu server. Is there an up to date guide for installing?

Which OS should be used?

Thanks
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4133
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Installing Ossec+

Unread post by mikeshinn »

For the hub, either Centos or Redhat 7/8. Ubuntu hub support is coming soon.

For agents, any modern Linux distro, or Windows or MacOS.
maindriver
New Forum User
New Forum User
Posts: 2
Joined: Thu Apr 01, 2021 4:06 am

Re: Installing Ossec+

Unread post by maindriver »

Ok,

Installed on Centos 8 using this link..

https://www.ossec.net/finish-ossec-plus-install/

All I've managed to do after that is on the server, do this.



/var/ossec/bin/manage_agents

Then added one PC and installed the agent on that PC.

I have no idea how to get a web GUI for Ossec+ or how to use or manage it.

When I'm on the Centos machine, I can visit 127.0.0.1:5601 and see the elastic page, no idea what to do on there..




Can visit that same 5601 site when browsing from another machine on the same IP range, even after disabling the firewall (for testing) on the Centos server.

I feel like I'm really missing something here. Been asked to evaluate the product in view of purchasing it. So far, hitting a brick wall :/
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4133
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Installing Ossec+

Unread post by mikeshinn »

If your reviewing before purchasing, could you PM me what your username is so I can upgrade your demo to the full product. You will want to run the Atomic OSSEC installer after that, and Ill send you instructions and our support team will get you all setup, as well as show you how to use the GUI.
tonny
Forum User
Forum User
Posts: 5
Joined: Fri Apr 09, 2021 8:56 am
Location: Sweden

Re: Installing Ossec+

Unread post by tonny »

maindriver wrote: Mon Apr 05, 2021 9:38 am Found loads of guides to install this, none seem to work :/
Which OS should be used?
I managed the install on both, debian 10 and centos 8.
alert-logs are filling and ossec webui shows them too.

It's only the kofe part that never works. Looking at the doc count of the index, data is collected.
But the kofe dashboard can't locate any of the configured fields and using the discover option result in error on the timestamp field.

No idea's (yet) on the resolution for that

//Tonny
tonny
Forum User
Forum User
Posts: 5
Joined: Fri Apr 09, 2021 8:56 am
Location: Sweden

Re: Installing Ossec+

Unread post by tonny »

Been in contact with one of the maintainers......
1) That dashboard should not have been there, and will not work.
2) The index, simply delete it and create a new one. It's not in use, so you won't break anything

so now it's working great!
Post Reply