I'm using OSSEC server (free version) to monitor machines with OSSEC agents, which monitor this login via SSH, file creation, etc.
I have configured OSSEC to send an email when it detects a problem, but this control/monitoring mode is very bad for data control and search.
How can I analyze/monitoring the OSSEC like a dashboard, all log occurrences? Analyze by type of threat, date of occurrence, etc.
How to analyze/monitoring OSSEC on Ubuntu
Re: How to analyze/monitoring OSSEC on Ubuntu
If you are looking for a dashboard option, you can use Atomic OSSEC:
https://atomicorp.com/atomic-enterprise-ossec/
Or, you can setup and install elastic with OSSEC. https://www.ossec.net/docs/cookbooks/re ... stack.html
Also, if you are looking for more options for output, please see:
https://atomicorp.com/atomic-enterprise-ossec/
Or, you can setup and install elastic with OSSEC. https://www.ossec.net/docs/cookbooks/re ... stack.html
Also, if you are looking for more options for output, please see:
Code: Select all
https://www.ossec.net/docs/docs/manual/output/index.html