Version 1.5 comes with lot of additions to our log analysis (or LIDS – Log-based IDS) capabilities. Some of the new log formats we now support are:
- Solaris BSM auditing logs
- Asterisk logs
- Checkpoint and Smart Defense logs
- Debian package (dpkg) install/status/remove messages
- Shorewall logs
- Postfix SASL error messages
- Localized pure-ftpd messages (for 12 different languages)
In addition to that, we can now properly read DJB multilog files and read them with our decoders. To read it, just add to the configuration (in this example to read sshd logs):
<localfile>
<log_format>djb-multilog</log_format>
<location>/var/log/sshd/current</location>
</localfile>
Hope you enjoy OSSEC v1.5 when it is out 🙂