OSSEC is an open-source host-based intrusion detection system (HIDS) written in C. A centralized OSSEC manager stores events sent by OSSEC agents deployed on individual hosts and also receives system logs forwarded over remote syslog. Based on the collected logs/events and its built-in inspection rules, the correlation/analysis engine performs log analysis, file integrity checking, rootkit/malware detection, and policy compliance monitoring in real time. When the analysis detects potential attacks, misuse, or system errors, OSSEC alerts system administrators or other applications through various channels, such as syslog output, email notifications, or database records. OSSEC can detect intrusions on multiple operating systems (Linux, BSD, Mac OS X, Windows and Solaris) via agent-based monitoring, and on agent-less middlebox devices (routers, firewalls, proxies) via remote syslog. OSSEC can be integrated with other event monitoring backends (e.g., Logstash, Elasticsearch or Zabbix) to store, index, visualize, and search OSSEC alerts. OSSEC also provides a web-based dashboard for displaying agent status and alert statistics and for reviewing file integrity checking results.

  • Website: http://ossec.github.io/
  • Platform: Cross-platform
  • License: GNU GPLv2
  • Documentation: http://ossec.github.io/docs/
  • Source repository: git
  • Community: bug tracker
  • Similar Software:
    • Snort: Snort is a network-based intrusion detection and prevention system written in C. Snort sniffs network packets on the wire, analyzes packet contents against known attack signatures, and logs any suspi...
    • Suricata: Suricata is an open-source intrusion detection and prevention system (IDS/IPS) developed by the Open Information Security Foundation (OISF). It features a modularized and multi-threaded architecture ...
    • Graylog: Graylog is a Java-based open-source log management system which collects, indexes, and analyzes (structured/unstructured) log data from syslog or any third-party applications. Graylog's centralized lo...
    • Bro: Bro is an open-source network monitoring and intrusion detection system written in C++. Bro collects live packets via the libpcap interface, analyzes packet contents, generates events from the analys...
    • Log.io: Log.io is a real-time log monitoring system written in JavaScript. It allows users to browse and search a stream of log messages in real time within a web browser window. Log.io consists of three co...
