Trend Micro continued the previous year's OSSEC Symposium with OSSEC CON 2013. The conference was again a huge success, and attendance tripled compared to 2012. The user community response was excellent, and many attendees from outside the US asked that future OSSEC CONs be held closer to their home countries. If you missed OSSEC CON 2013, see the recap page for a high-level summary and the keynote presentation slides.
Symposium Summer 2012, July 12-13, Cupertino, CA
Trend Micro announced the first OSSEC Symposium to the open source community: a two-day event held in Cupertino, California, USA on July 12-13, 2012. The agenda included Trend Micro managers talking about the future direction of the OSSEC project, expert OSSEC developers presenting their experience, and fellow OSSEC users sharing their success stories as well as pain points. The symposium was a big success, and a complete recap along with the presentation slides is available at www.ossec.net.
Splunk can receive OSSEC alerts via syslog. There is a free version which allows you to index up to 500 megabytes of data per day and makes the data ready for query and correlation. Splunk for OSSEC is an app which offers parsing logic, saved searches, and dashboards. Here is a blog post covering the installation of OSSEC and Splunk.
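As an added example (not taken from this page or from the OSSEC project's own documentation), this is the server-side ossec.conf fragment that makes OSSEC forward its alerts to a syslog listener such as Splunk; the address is a placeholder, and the splunk format value assumes an OSSEC release that provides it.

```xml
<!-- Fragment of /var/ossec/etc/ossec.conf on the OSSEC server (added example) -->
<ossec_config>
  <syslog_output>
    <!-- Placeholder address of the host running the Splunk syslog input;
         replace with your own indexer or forwarder -->
    <server>192.0.2.10</server>
    <port>514</port>
    <!-- Forward only alerts of this level or higher, which keeps noise
         out of the free edition's 500 MB/day indexing quota -->
    <level>7</level>
    <!-- "splunk" emits key=value pairs that Splunk parses directly;
         fall back to "default" if your OSSEC version lacks this format -->
    <format>splunk</format>
  </syslog_output>
</ossec_config>
```

The syslog output daemon is off by default: run `/var/ossec/bin/ossec-control enable client-syslog` and restart OSSEC, and configure a matching UDP 514 data input on the Splunk side.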
ELSA (Enterprise Log Search and Archive) is a centralized syslog framework built on Syslog-NG, MySQL, and Sphinx full-text search. It provides a fully asynchronous web-based query interface that normalizes logs and makes searching billions of them for arbitrary strings as easy as searching the web.
OSSIM (Open Source SIEM) provides event collection, normalization, correlation and incident response. There is an OSSIM Tutorial: OSSEC Quick Start Guide.
AnaLogi (Analytical Log Interface) was built to sit on top of OSSEC (since OSSEC 2.6) and requires no modifications to OSSEC or to the database schema that ships with OSSEC. AnaLogi requires a web server with PHP and MySQL. Remy van Elst wrote a nice tutorial which covers the basic installation of an OSSEC 2.8 server on Ubuntu 14.04, as well as the OSSEC WebUI and the AnaLogi dashboard. Nice job!
To uninstall OSSEC, check out the blog by Remy van Elst here.