
Installing Ossec+

Posted: Mon Apr 05, 2021 9:38 am
by maindriver

Found loads of guides to install this, none seem to work :/

I'm very familiar with installing/managing Ubuntu server. Is there an up-to-date guide for installing?

Which OS should be used?


Re: Installing Ossec+

Posted: Mon Apr 05, 2021 6:32 pm
by mikeshinn
For the hub, either CentOS or Red Hat 7/8. Ubuntu hub support is coming soon.

For agents, any modern Linux distro, or Windows or macOS.

Re: Installing Ossec+

Posted: Wed Apr 07, 2021 11:36 am
by maindriver

Installed on CentOS 8 using this link..

All I've managed to do after that is on the server, do this.


Then added one PC and installed the agent on that PC.

I have no idea how to get a web GUI for Ossec+ or how to use or manage it.

When I'm on the CentOS machine, I can visit and see the elastic page, no idea what to do on there..

Can visit that same 5601 site when browsing from another machine on the same IP range, even after disabling the firewall (for testing) on the CentOS server.

I feel like I'm really missing something here. Been asked to evaluate the product in view of purchasing it. So far, hitting a brick wall :/

Re: Installing Ossec+

Posted: Thu Apr 08, 2021 3:51 pm
by mikeshinn
If you're reviewing before purchasing, could you PM me what your username is so I can upgrade your demo to the full product? You will want to run the Atomic OSSEC installer after that, and I'll send you instructions and our support team will get you all set up, as well as show you how to use the GUI.

Re: Installing Ossec+

Posted: Fri Apr 09, 2021 9:05 am
by tonny
maindriver wrote: Mon Apr 05, 2021 9:38 am
Found loads of guides to install this, none seem to work :/
Which OS should be used?

I managed the install on both, Debian 10 and CentOS 8.
Alert logs are filling and the OSSEC web UI shows them too.

It's only the kofe part that never works. Looking at the doc count of the index, data is collected.
But the kofe dashboard can't locate any of the configured fields, and using the discover option results in an error on the timestamp field.

No ideas (yet) on the resolution for that.


Re: Installing Ossec+

Posted: Thu Apr 15, 2021 1:46 am
by tonny
Been in contact with one of the maintainers...
1) That dashboard should not have been there, and will not work.
2) The index, simply delete it and create a new one. It's not in use, so you won't break anything.

So now it's working great!