Log Management Archives

OSSEC For Website Security: PART II – Distributed Architectures Using Agents and Managers

By Tony Perez | November 30, 2018 |

This article assumes you already have OSSEC deployed. If you need a refresher, refer to the Part I of OSSEC for website security, written March 2013. OSSEC is popular open-source Host Intrusion Detection System (HIDS). It was founded by Daniel Cid, and currently maintained by a very large community of security professionals. Please note that…

Forensics: Analyzing a WordPress Attack / Hack

By Tony Perez | November 8, 2013 |

Recently one of our honeypots was it by an attacker and in the process we were able to gather a bunch of good intelligence on the actions taken by the attacker. I write and detail the forensics of the attack in my latest post, for Sucuri: Case Study: Analyzing a WordPress Attack – Dissecting the…

OSSEC: Stop Agent Email Notifications from Being Grouped

By Tony Perez | August 22, 2013 |

This a quick post, for those of you that manage multiple agents under your manager, there might be instances where your email notifications will group different agent notifications together. This has to do with two things: Number of emails sent in an hour Grouping setting is On Default Max Emails By default, OSSEC has a…

OSSEC – Detecting New Files – Understanding How it Works

By Tony Perez | July 27, 2013 |

I recently saw some discussion in the OSSEC distribution list of someone having an issue with getting OSSEC syscheck to work right in real-time. It reminded me of a similar issue I had with my own configuration and others I have read about, so I figured I’d write something to shed light on how OSSEC’s…

OSSEC – Error: PostgreSQL client libraries not installed.

By Tony Perez | May 10, 2013 |

I was playing with OSSEC HIDS this afternoon and trying to get it configured to work with MySQL and when I was running make on the DB setup I was getting this error: Error: PostgreSQL client libraries not installed. I was a bit frustrated with it, it seems as it if requires both MySQL and…

Curious to See a DDOS in Action?

By Tony Perez | April 26, 2013 |

I’ve always wondered what a Distributed Denial of Service (DDOS) really looks like. Fortunately, there is now this pretty awesome video illustration of what it looks like: