Bruce Schneier on log analysis

We all respect Bruce Schneier’s opinion (and if you don’t, be careful), and I found his take on log analysis very interesting:

Whenever someone attacks you, they leave footprints… All of these products have audit logs and they produce audit messages (millions of messages a day). Most of them are a complete waste of time, like printer out of toner. So what?

But some of them are very important. In those audit logs are the footprints of attacks. If you can monitor those in real time, you can watch the attacker as he is attacking. If you can understand what is going on fast enough, you can kick him out before he does more damage…

You can watch it here.
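To make the point concrete, here is a small added example (not code from the original post, and not OSSEC’s own code) in the spirit of OSSEC’s frequency rules: it parses audit messages, drops the ones that match no rule (the “printer out of toner” kind), raises a low-level alert for each failed login, and escalates to a high-level alert when the same source fails repeatedly within a short time window. The log lines, hostnames and addresses are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample audit messages (not real logs): mostly noise, plus one attacker's footprints.
SAMPLE_LOG = """\
2007-09-01T10:00:01 printer01 cups: printer out of toner
2007-09-01T10:00:05 srv01 sshd[101]: Failed password for invalid user admin from 203.0.113.7 port 4001 ssh2
2007-09-01T10:00:07 srv01 sshd[102]: Failed password for invalid user admin from 203.0.113.7 port 4002 ssh2
2007-09-01T10:00:09 srv01 sshd[103]: Failed password for invalid user root from 203.0.113.7 port 4003 ssh2
2007-09-01T10:00:12 printer01 cups: paper tray empty
2007-09-01T10:00:30 srv01 sshd[104]: Failed password for bob from 198.51.100.5 port 5000 ssh2
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[^:\[\s]+)(?:\[\d+\])?: (?P<msg>.*)$")
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port")

def parse_line(line):
    """Split one syslog-style line into fields; returns None for lines that do not parse."""
    m = LINE_RE.match(line)
    return None if m is None else {**m.groupdict(), "ts": datetime.fromisoformat(m["ts"])}

def analyze(log_text, threshold=3, window=60):
    """Return (level, source_ip, description) alerts in log order.
    One failed login is a level-5 alert; `threshold` failures from one source
    within `window` seconds escalate to level 10. Unmatched lines are noise."""
    alerts = []
    recent = defaultdict(deque)  # source IP -> timestamps of its recent failures
    for line in log_text.splitlines():
        ev = parse_line(line)
        m = FAILED_RE.search(ev["msg"]) if ev else None
        if not m:
            continue  # no rule matched: toner, paper trays and friends are dropped
        src = m["src"]
        alerts.append((5, src, f"failed login for {m['user']} on {ev['host']}"))
        q = recent[src]
        q.append(ev["ts"])
        while (q[-1] - q[0]).total_seconds() > window:  # slide the time window forward
            q.popleft()
        if len(q) >= threshold:
            alerts.append((10, src, f"{len(q)} failed logins within {window}s: brute force"))
            q.clear()  # report the next burst again rather than every further failure
    return alerts

if __name__ == "__main__":
    for level, src, desc in analyze(SAMPLE_LOG):
        print(f"level {level:2d}  {src:15}  {desc}")
```

Run on the sample, the two printer messages produce nothing, each failure is a level-5 alert, and the three failures from 203.0.113.7 within four seconds produce one level-10 alert while the single failure from 198.51.100.5 stays at level 5.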

Cool ossec logo/mascot

James Throgmorton sent me a very cool mascot that he made for OSSEC. It is based on the movie 300 and looks pretty good.

OSSEC - 300

I was also playing with IMG2TXT, and it generates some very good ASCII-based logos for OSSEC. Check out one example here.

On a side note, RichM from Ethical Hacker posted a “Quick and dirty tutorial on getting OSSEC, the open source IDS that’s #2 on, running on the Business Card ISO of Debian. Now go out there and start keeping an eye on your network.” Good stuff!

OSSEC v1.3 released

We are pleased to announce the general availability of OSSEC version 1.3.
This is one of our biggest releases so far, our first under the GPLv3, with numerous new features and bug fixes.

This new version comes with the following major new features:

  • User interface to manage the Windows agent. Screenshots here.
  • Support for Courier pop3/imapd logs. Samples here.
  • Support for Cisco IOS logs.
  • Support for Symantec Web Security logs.
  • Support for SMF-SAV Sendmail filter logs.
  • Chinese Translation of the installation script.
  • Support for host-based policy monitoring/enforcement on Windows systems. More information here.

See the v1.3 changelog for the full list of changes and contributors.

Special thanks to Michael Starks, Brian Wang, Serge Dubrouski, Logan O’Sullivan Bruns and Dave Lowe for the contributions and Dennis Borkhus-Veto, John Ives and Liliane Cid for beta testing this release.

Download it here.

Official announcement here.