Hi,
Found loads of guides to install this, none seem to work :/
I'm very familiar with installing/managing Ubuntu server. Is there an up to date guide for installing?
Which OS should be used?
Thanks
Installing Ossec+
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Installing Ossec+
For the hub, either CentOS or Red Hat 7/8. Ubuntu hub support is coming soon.
For agents, any modern Linux distro, or Windows or MacOS.
Michael Shinn
Atomicorp - Security For Everyone
-
- New Forum User
- Posts: 2
- Joined: Thu Apr 01, 2021 4:06 am
Re: Installing Ossec+
Ok,
Installed on Centos 8 using this link..
https://www.ossec.net/finish-ossec-plus-install/
All I've managed to do after that is on the server, do this.
/var/ossec/bin/manage_agents
Then added one PC and installed the agent on that PC.
I have no idea how to get a web GUI for Ossec+ or how to use or manage it.
When I'm on the Centos machine, I can visit 127.0.0.1:5601 and see the elastic page, no idea what to do on there..
Can visit that same 5601 site when browsing from another machine on the same IP range, even after disabling the firewall (for testing) on the Centos server.
I feel like I'm really missing something here. Been asked to evaluate the product in view of purchasing it. So far, hitting a brick wall :/
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Installing Ossec+
If you're reviewing before purchasing, could you PM me what your username is so I can upgrade your demo to the full product. You will want to run the Atomic OSSEC installer after that, and I'll send you instructions and our support team will get you all set up, as well as show you how to use the GUI.
Michael Shinn
Atomicorp - Security For Everyone
Re: Installing Ossec+
maindriver wrote: ↑Mon Apr 05, 2021 9:38 am
> Found loads of guides to install this, none seem to work :/
> Which OS should be used?

I managed the install on both, debian 10 and centos 8.
Alert logs are filling and the ossec webui shows them too.
It's only the kofe part that never works. Looking at the doc count of the index, data is collected.
But the kofe dashboard can't locate any of the configured fields, and using the discover option results in an error on the timestamp field.
No ideas (yet) on the resolution for that.
//Tonny
Re: Installing Ossec+
Been in contact with one of the maintainers......
1) That dashboard should not have been there, and will not work.
2) The index, simply delete it and create a new one. It's not in use, so you won't break anything
so now it's working great!