OSSEC

OSSEC is an open-source host-based intrusion detection system written in C. A centralized OSSEC manager stores events sent by OSSEC agents deployed on individual hosts and captures system logs collected via remote syslog. Based on the collected logs/events and built-in inspection rules, the correlation/analysis engine performs log analysis, file integrity checking, rootkit/malware detection, and policy compliance monitoring in real time. When the analysis detects potential attacks, misuse, or system errors, OSSEC alerts system administrators or other applications through various means such as syslog output, email notifications, and database records. OSSEC supports intrusion detection on multiple operating systems (Linux, BSD, Mac OS X, Windows and Solaris) via agent-based monitoring, and on agent-less middlebox devices (routers, firewalls, proxies) via remote syslog. OSSEC can be integrated with other event monitoring backends (e.g., Logstash, Elasticsearch or Zabbix) to store, index, visualize, and search OSSEC alerts. OSSEC also provides a web-based dashboard for displaying agent status and alert statistics, and for performing file integrity checking.


  • Website: http://ossec.github.io/
  • Platform: Cross-platform
  • License: GNU GPLv2
  • Documentation: http://ossec.github.io/docs/
  • Source repository: git
  • Community: bug tracker