OSSEC

OSSEC is an open-source host-based intrusion detection system written in C. In OSSEC, a centralized OSSEC manager stores events sent by OSSEC agents deployed on individual hosts, and captures system logs collected via remote syslog. Based on the collected logs/events and built-in inspection rules, the correlation/analysis engine performs log analysis, file integrity checking, rootkit/malware detection, and policy compliance monitoring in real time. When the analysis detects potential attacks, misuse, or system errors, OSSEC alerts system administrators or other applications about those events through various channels such as syslog output, email notifications, database records, etc. OSSEC supports detecting intrusions on multiple operating systems (Linux, BSD, Mac OS X, Windows and Solaris) via agent-based monitoring, and on various agentless middlebox devices (routers, firewalls, proxies) via remote syslog. OSSEC can be integrated with other event monitoring backends (e.g., Logstash, Elasticsearch or Zabbix) to store, index, visualize, and search OSSEC alerts. OSSEC also provides a web-based dashboard for displaying agent status and alert statistics, and for reviewing file integrity checking results.


  • Website: http://ossec.github.io/
  • Platform: Cross-platform
  • License: GNU GPLv2
  • Documentation: http://ossec.github.io/docs/
  • Source repository: git
  • Community: bug tracker