Tuesday, June 5, 2012

OSSEC Symposium


OSSEC CON 2013, July 25, Cupertino, CA

Trend Micro continued the previous year's OSSEC Symposium with OSSEC CON 2013. The conference was again a huge success, and attendance tripled compared to 2012. The user community response was excellent, and many attendees from outside the US asked for future OSSEC CONs to be held closer to their home countries. If you missed OSSEC CON 2013, see the recap page for a high-level summary and the keynote presentation slides.


OSSEC Symposium Summer 2012, July 12-13, Cupertino, CA

Trend Micro has announced the first OSSEC Symposium for the open source community. It is a two-day event to be held in Cupertino, California, USA on July 12-13, 2012. The agenda includes Trend Micro managers discussing the future direction of the OSSEC project, expert OSSEC developers presenting their experience, and fellow OSSEC users sharing their success stories as well as their pain points.

The symposium was a big success, and a complete recap along with the presentation slides is available at www.ossec.net.


JB Cheng

Friday, June 1, 2012

OSSEC Tools

Besides the obvious must-have, the OSSEC package itself, what else do you need to extend OSSEC's capabilities?
  1. Graylog2 is an open source log management solution that stores your logs in Elasticsearch and provides a web-based GUI. Logs are commonly shipped into it with logstash.
  2. Splunk can receive OSSEC alerts via syslog. The free version allows you to index up to 500 megabytes of data per day and makes the data available for query and correlation. Splunk for OSSEC is an app that provides parsing logic, saved searches, and dashboards. Here is a blog post on installing OSSEC with Splunk.
  3. ELSA (Enterprise Log Search and Archive) is a centralized syslog framework built on syslog-ng, MySQL, and Sphinx full-text search. It provides a fully asynchronous web-based query interface that normalizes logs and makes searching billions of them for arbitrary strings as easy as searching the web.
  4. OSSIM (Open Source SIEM) provides event collection, normalization, correlation and incident response. There is an OSSIM tutorial: OSSEC Quick Start Guide.
  5. Help with ArcSight integration can be found in the blog post OSSEC Speaks ArcSight.
  6. AnaLogi (Analytical Log Interface) was built to sit on top of OSSEC (since OSSEC 2.6) and requires no modifications to OSSEC or to the database schema that ships with OSSEC. AnaLogi requires a web server with PHP and MySQL. Remy van Elst wrote a nice tutorial that covers the basic installation of an OSSEC 2.8 server on Ubuntu 14.04, as well as the OSSEC WebUI and the AnaLogi dashboard. Nice job!
  7. To uninstall OSSEC, check out the blog post by Remy van Elst here.
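Every tool in the list above consumes OSSEC alerts one event at a time, but OSSEC's own alerts.log writes each alert as a multi-line block, so a shipper (logstash, a syslog forwarder, a Splunk input) has to re-assemble the block before any of these backends can index it. The script below is an added example written for this post; it is not OSSEC's code nor code from any of the projects listed. It assumes the OSSEC 2.x alerts.log layout as described in its docstring, uses a constructed sample (RFC 5737 test addresses, not real data), and flattens each alert into a JSON line or a single "ossec: key: value; ..." syslog-style line. That flattened layout is the example's own choice and is not a byte-exact copy of what OSSEC's csyslogd sends; the min_level filter mirrors the <level> threshold you would set in the syslog_output section of ossec.conf.

```python
"""Re-assemble OSSEC alerts.log blocks into single-line records for a log backend.

OSSEC writes one multi-line block per alert to /var/ossec/logs/alerts/alerts.log,
while Graylog2, ELSA and Splunk index one event per line. Layout assumed here
(OSSEC 2.x alerts.log, as the author reads it; treat it as an assumption):
  ** Alert <epoch>.<serial>: [mail ] - <group>,<group>,...,
  <YYYY Mon DD HH:MM:SS> (<agent>) <agent ip>-><location>   (or <host>-><location>)
  Rule: <id> (level <n>) -> '<description>'
  [Src IP: <ip>] [User: <name>] then the raw log line(s), then a blank line.
"""
import json
import re

# Constructed sample in the shape of alerts.log; addresses are RFC 5737 test ranges.
SAMPLE_ALERTS = """\
** Alert 1338551001.4210: - syslog,sshd,authentication_failed,
2012 Jun 01 10:23:21 (web01) 192.0.2.10->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 198.51.100.7
User: root
Jun  1 10:23:20 web01 sshd[4321]: Failed password for root from 198.51.100.7 port 51022 ssh2

** Alert 1338551044.4399: mail  - syslog,sshd,authentication_failures,
2012 Jun 01 10:24:04 (web01) 192.0.2.10->/var/log/auth.log
Rule: 5720 (level 10) -> 'Multiple SSHD authentication failures.'
Src IP: 198.51.100.7
User: root
Jun  1 10:23:58 web01 sshd[4330]: Failed password for root from 198.51.100.7 port 51030 ssh2
Jun  1 10:24:01 web01 sshd[4335]: Failed password for root from 198.51.100.7 port 51041 ssh2
Jun  1 10:24:03 web01 sshd[4340]: Failed password for root from 198.51.100.7 port 51055 ssh2

** Alert 1338551100.4501: - ossec,syscheck,
2012 Jun 01 10:25:00 ossec-server->syscheck
Rule: 550 (level 7) -> 'Integrity checksum changed.'
Integrity checksum changed for: '/etc/passwd'
"""

HEADER_RE = re.compile(r"^\*\* Alert (?P<ts>\d+)\.(?P<serial>\d+): (?P<mail>mail\s+)?- (?P<groups>.*?),?$")
ORIGIN_RE = re.compile(r"^(?P<time>\d{4} \w{3} \d{2} \d{2}:\d{2}:\d{2}) "
                       r"(?:\((?P<agent>[^)]+)\) (?P<agent_ip>\S+)|(?P<host>\S+))->(?P<location>.+)$")
RULE_RE = re.compile(r"^Rule: (?P<id>\d+) \(level (?P<level>\d+)\) -> '(?P<desc>.*)'$")


def parse_alert_block(block):
    """Parse one alert block (header, origin, rule, optional fields, raw log) into a dict."""
    lines = block.strip().splitlines()
    if len(lines) < 3:
        raise ValueError("truncated alert block")
    header, origin, rule = HEADER_RE.match(lines[0]), ORIGIN_RE.match(lines[1]), RULE_RE.match(lines[2])
    if not (header and origin and rule):
        raise ValueError("unrecognised alert block: " + lines[0])
    alert = {
        "timestamp": int(header["ts"]), "serial": int(header["serial"]),
        "mail": header["mail"] is not None, "groups": header["groups"].split(","),
        "time": origin["time"], "agent": origin["agent"] or origin["host"],
        "agent_ip": origin["agent_ip"], "location": origin["location"],
        "rule_id": int(rule["id"]), "level": int(rule["level"]), "description": rule["desc"],
        "src_ip": None, "user": None, "full_log": [],
    }
    # Src IP / User only precede the raw log text, so stop treating them as
    # fields once the first log line has been seen (a log line may contain "User: ").
    in_log = False
    for line in lines[3:]:
        if not in_log and line.startswith("Src IP: "):
            alert["src_ip"] = line[len("Src IP: "):]
        elif not in_log and line.startswith("User: "):
            alert["user"] = line[len("User: "):]
        else:
            in_log = True
            alert["full_log"].append(line)
    return alert


def parse_alerts(text):
    """Split alerts.log text on blank lines and parse every block."""
    return [parse_alert_block(b) for b in re.split(r"\n\s*\n", text.strip()) if b.strip()]


def export(text, min_level=1):
    """One JSON line per alert at or above min_level, mirroring the <level>
    threshold that OSSEC's own syslog_output applies before forwarding."""
    return [json.dumps(a, sort_keys=True) for a in parse_alerts(text) if a["level"] >= min_level]


def to_syslog_message(alert):
    """Flatten an alert to one 'ossec: key: value; ...' line for a syslog shipper.
    This key/value layout is the example's own, not a byte-exact copy of csyslogd's."""
    fields = [("Alert Level", alert["level"]), ("Rule", f"{alert['rule_id']} - {alert['description']}"),
              ("Location", f"{alert['agent']}->{alert['location']}"),
              ("srcip", alert["src_ip"]), ("user", alert["user"])]
    body = "; ".join(f"{k}: {v}" for k, v in fields if v is not None)
    return f"ossec: {body}; {' | '.join(alert['full_log'])}"


if __name__ == "__main__":
    for line in export(SAMPLE_ALERTS, min_level=7):
        print(line)
    print(to_syslog_message(parse_alerts(SAMPLE_ALERTS)[0]))
```

Point the script at a real /var/ossec/logs/alerts/alerts.log (or tail it) and hand each JSON line to Graylog2 or ELSA, or each flattened line to a syslog handler, and you get the same fields (rule id, level, agent, source IP, user, raw log) that the Splunk for OSSEC app and AnaLogi build their dashboards on. Note that OSSEC can already do the syslog forwarding itself through syslog_output in ossec.conf; the value of parsing alerts.log directly is that you keep the full multi-line log text and can filter on groups before anything leaves the box.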