OSSEC v1.4 released

We are pleased to announce the general availability of OSSEC version 1.4. This
version comes with the following major new features:

  • Support for reading database logs from PostgreSQL and MySQL (info)
  • Support for Prelude (info)
  • Support for storing the alerts on MySQL and PostgreSQL (info)
  • Support for Sonicwall logs, HP-UX ftpd, AIX 5.3 syslog, etc.

Plus lots of bug fixes and small improvements. Check the v1.4 changelog to see all changes and contributors.

Special thanks to Michael Starks, Jeff Schroeder, Steve West, Tom Bicer, Peter M. Abraham, Colby W., Slava Semushin, Sebastien Tricaud, Leonardo Goldim, Trey Valenta, Dustin Lenz and Chris Abernethy for the contributions and John Ives, Rick McClinton, Paul Sebastian Ziegler, Daniel Medianero and Liliane Cid for beta testing this release.

Download it here.

Official Announcement.

OSSEC -> Sguil

David Bianco released a test version of an agent that can take events from
OSSEC and insert them into Sguil as alerts. This is his full msg to the ossec-list:

I’ve put together a test release of an agent that can take events from
the OSSEC alert.log and insert them into Sguil as alerts. It’s based
on the example agent that comes with sguil 0.7.0 (in CVS). It’s pretty
rough code at the moment, but I think I got most of the crash bugs out
of it. Still, I wouldn’t run it on production Sguil servers without
testing it yourself.

You can fetch the code from:

http://www.vorant.com/files/ossec_agent-0.01.tar.gz

OSSEC v1.4 BETA2 Available

The second beta of our 1.4 version is available for testing. You can download it directly from here:

What kinds of testing do we urgently need?

  • Testing the Windows version (clean install and update) on Windows XP, 2000 and 2003
  • Testing the Unix version on Solaris, AIX, HP-UX, Mac, etc
  • Testing the database output (and checking if the docs make sense: FAQ – DB output)

In addition to that, we also need the normal testing on Linux, BSD, etc… Check out the release of the beta 1 and the Beta testing page in the Wiki for details.

OSSEC v1.4 BETA1 Available

OSSEC v1.4 is soon to be available and we really need some help beta testing it. As I always say, trying out our beta releases is a simple and very effective way of helping the project.

How can you test it?
We created an entry in our Wiki with all the information necessary regarding beta testing. The test sets are very simple, but I plan to improve them as we progress. Download information, what to test and everything else is there.

What are the new features?

  • Support for storing the alerts in real time on external databases (MySQL and PostgreSQL)
  • Support for reading logs from databases (MySQL and PostgreSQL too)
  • Lots of new rules, bug fixes and performance improvements…

Any help is much appreciated.

OSSEC and Prelude

Sebastien Tricaud sent us some patches to allow the communication between OSSEC and Prelude. If you are a Prelude and OSSEC user, please check it out and let us know how it goes.

Instructions on how to set it up are available in our FAQ entry How to enable Prelude Output? and at this link.

You will also need to use our latest development version from http://www.ossec.net/files/snapshots/ossec-hids-071006.tar.gz

OSSEC at IT Underground 2007

OSSEC will be represented at the 2007 IT Underground Conference in Warsaw (Poland), where I will be speaking about Log-Based Intrusion Detection (using OSSEC, of course). It is going to be a hands-on, 1 hour presentation, where everyone will be invited to bring their own laptops and actively participate in it. If you live in Poland (or nearby), make sure to attend to learn more about LIDS, OSSEC and log analysis.