| 1 |
gentuxx <gentuxx@×××××.com> writes: |
| 2 |
|
| 3 |
> Depending on what you're requirements are, try OSSEC-HIDS |
| 4 |
> (www.ossec.net). I've been using it for a couple weeks now and it's |
| 5 |
> pretty handy. The longer I use it, the more I add to it, the better it |
| 6 |
> is. Unfortunately there isn't an ebuild for it (yet). But it's really |
| 7 |
> easy to install. Plus it does a lot more than just log monitoring. |
| 8 |
|
| 9 |
You say it is easy to install and so it is, But once installed it |
| 10 |
isn't at all clear what this thing does. |
| 11 |
|
| 12 |
I'm guessing somewhere in all the hoopla it presents you with some |
| 13 |
analysis of logs. |
| 14 |
|
| 15 |
Its not one bit clear from there site how to get to that point. |
| 16 |
|
| 17 |
Sorry for the rant but I was sort of surprised to find no real |
| 18 |
overview that tells what this tool does in some detail. |
| 19 |
|
| 20 |
This is the overview on the home page: |
| 21 |
|
| 22 |
OSSEC HIDS is an Open Source Host-based Intrusion Detection System. It |
| 23 |
performs log analysis, integrity checking, rootkit detection, |
| 24 |
time-based alerting and active response. |
| 25 |
|
| 26 |
After that there is a manual the describes running the tool, but I |
| 27 |
never see any detailed summary of what it really does and how to |
| 28 |
access the analysis. |
| 29 |
|
| 30 |
I've gone way OT here but I hoped you might write to me privately and |
| 31 |
describe in some detail what you do with it... |
| 32 |
|
| 33 |
-- |
| 34 |
gentoo-user@g.o mailing list |
Archives