OSSEC v1.4 released

We are pleased to announce the general availability of OSSEC version 1.4. This
version comes with the following major new features:

  • Support for reading database logs from PostgreSQL and MySQL (info)
  • Support for Prelude (info)
  • Support for storing the alerts on MySQL and PostgreSQL (info)
  • Support for Sonicwall logs, HP-UX ftpd, AIX 5.3 syslog, etc.

Plus lots of bug fixes and small improvements. Check the v1.4 changelog to see all changes and contributors.

Special thanks to Michael Starks, Jeff Schroeder, Steve West, Tom Bicer, Peter M. Abraham, Colby W., Slava Semushin, Sebastien Tricaud, Leonardo Goldim, Trey Valenta, Dustin Lenz and Chris Abernethy for the contributions and John Ives, Rick McClinton, Paul Sebastian Ziegler, Daniel Medianero and Liliane Cid for beta testing this release.

Download it here.

Official Announcement.

OSSEC v1.4 BETA2 Available

The second beta of our 1.4 version is available for testing. You can download it directly from here:

What kind of testing do we urgently need?

  • Testing the Windows version (clean install and update) on Windows XP, 2000 and 2003
  • Testing the Unix version on Solaris, AIX, HP-UX, Mac, etc
  • Testing the database output (and checking if the docs make sense: FAQ – DB output)

In addition to that, we also need the usual testing on Linux, BSD, etc. Check out the beta 1 release post and the Beta testing page in the Wiki for details.

OSSEC v1.4 BETA1 Available

OSSEC v1.4 is soon to be available and we really need some help beta testing it. As I always say, trying out our beta releases is a simple and very effective way of helping the project.

How can you test it?
We created an entry in our Wiki with all the information necessary regarding beta testing. The test sets are very simple, but I plan to improve them as we progress. Download information, what to test and everything else is there.

What are the new features?

  • Support for storing the alerts in real time on external databases (MySQL and PostgreSQL)
  • Support for reading logs from databases (MySQL and PostgreSQL too)
  • Lots of new rules, bug fixes and performance improvements…

Any help is very appreciated.

OSSEC and Prelude

Sebastien Tricaud sent us some patches that allow OSSEC to send its output to Prelude. If you are a Prelude and OSSEC user, please check it out and let us know how it goes.

Instructions on how to set it up are available in our FAQ entry How to enable Prelude Output? and at this link.

You will also need to use our latest development version from http://www.ossec.net/files/snapshots/ossec-hids-071006.tar.gz

OSSEC v1.3 released

We are pleased to announce the general availability of OSSEC version 1.3.
This is one of our biggest releases so far, our first under the GPLv3, with numerous new features and bug fixes.

This new version comes with the following major new features:

  • User interface to manage the Windows Agent. Screenshots here.
  • Support for Courier pop3/imapd logs. Samples here.
  • Support for Cisco IOS logs.
  • Support for Symantec Web Security logs.
  • Support for SMF-SAV Sendmail filter logs.
  • Chinese Translation of the installation script.
  • Support for host-based policy monitoring/enforcement on Windows systems. More information here.

Check the v1.3 changelog to see all changes and contributors.

Special thanks to Michael Starks, Brian Wang, Serge Dubrouski, Logan O’Sullivan Bruns and Dave Lowe for the contributions and Dennis Borkhus-Veto, John Ives and Liliane Cid for beta testing this release.

Download it here.

Official announcement here.

OSSEC v1.3 BETA1 – Testers Needed

OSSEC v1.3 is soon to be available and we really need some help beta testing it. As I always say, trying out our beta releases is a simple and very effective way of helping the project.

How can you test it?
We created an entry in our Wiki with all the information necessary regarding beta testing. The test sets are very simple, but I plan to improve them as we progress. Download information, what to test and everything else is there.

Any help is very appreciated.

OSSEC and GPLv3

When we release a new version of OSSEC and tell our users to update to it, what do you think they do? Well, most of them upgrade to the latest version without asking too many questions. However, some users with C and development experience go out and diff the code, look at the CVS changelog, and do a careful review to see if the new version fits their needs. But (big BUT), the user must know what he or she is doing to make an informed decision.

Anyway, what does that have to do with the GPL? Well, I am not a lawyer and I am not a license expert. If the FSF, which wrote the GPLv2 (the license OSSEC currently uses), tells me to update to the GPLv3, what do you think I should do? If my expertise were in licenses, I would go and review the license before deciding, but since it is not, I will probably just trust them and update.

What does that mean? Unless there is a good reason not to, the next version of OSSEC will be under the GPLv3. We trust the work that the FSF is doing for the open source community, and the process used to develop the GPLv3 was very good (open participation, lots of smart contributors, etc.), so the final product must be good too.

Any comments? Any license experts willing to share their thoughts?

OSSEC CVS list

For those interested in following our CVS commits and being more directly involved with OSSEC, we created a mailing list for it a few days ago. You can subscribe by sending an e-mail to ossec-cvs-subscribe at googlegroups.com, or you can just browse the archives at googlegroups or on the ossec site.

*note: this list is read-only. Discussions about any commit should go to the ossec-dev list.

OSSEC v1.2 available

We are pleased to announce the availability of OSSEC version 1.2. This new version comes with lots of new features, including:

  • Support for OpenBSD PF logs.
  • Support for compiled (c-based) decoders.
  • New options for composite rules: “srcport”, “dstport”, “same_src_port”, “same_dst_port” and
    “same_location”.
  • Additional granular e-mail options, including an “sms” output format and many other options.
  • Support for Zeus WebServer logs.
  • Support for daily/chained checksum of alert logs.
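The chained checksum of alert logs listed above is a tamper-evidence control: each day's checksum covers the previous day's checksum as well as that day's log, so an alert removed or altered on an old day can no longer be hidden without redoing every later checksum. The following Python is an added illustration of that idea, not OSSEC's own implementation (this page does not describe its exact format or hash); the alert-log contents, file names and the SHA-256 chain are constructed for the example.

```python
"""Illustration of a chained daily checksum over alert logs (not OSSEC's own code)."""
import hashlib
import hmac

# Constructed sample: three days of alert-log contents, oldest first.
# The lines imitate OSSEC's alert format but are made up for this example.
SAMPLE_DAYS = [
    ("alerts-day1.log",
     b"** Alert 1191218400.0: - syslog,sshd,authentication_failed,\n"
     b"Rule: 5716 (level 5) -> 'SSHD authentication failed.'\n"),
    ("alerts-day2.log",
     b"** Alert 1191304800.0: - syslog,sshd,authentication_failed,\n"
     b"Rule: 5716 (level 5) -> 'SSHD authentication failed.'\n"),
    ("alerts-day3.log",
     b"** Alert 1191391200.0: - syslog,sudo\n"
     b"Rule: 5402 (level 3) -> 'Successful sudo to ROOT executed'\n"),
]

# Fixed value chained into the first day (an assumption of this example).
GENESIS = b"\x00" * 32


def day_checksum(prev_digest: bytes, log_bytes: bytes) -> bytes:
    """Digest for one day: hash of the previous day's digest followed by this day's log."""
    return hashlib.sha256(prev_digest + log_bytes).digest()


def build_chain(days):
    """Return [(file_name, hex_digest), ...] with each digest depending on all earlier days."""
    prev = GENESIS
    chain = []
    for name, data in days:
        prev = day_checksum(prev, data)
        chain.append((name, prev.hex()))
    return chain


def verify_chain(days, recorded_chain):
    """Recompute the chain over `days` and compare it with `recorded_chain`.

    Returns (True, None) when every day re-derives, otherwise (False, i) where i is
    the index of the first day whose name or digest does not match. A missing or
    extra day is reported at the index where the two sequences stop lining up.
    """
    if len(days) != len(recorded_chain):
        return False, min(len(days), len(recorded_chain))
    prev = GENESIS
    for i, ((name, data), (rec_name, rec_hex)) in enumerate(zip(days, recorded_chain)):
        prev = day_checksum(prev, data)
        # Constant-time comparison so the verifier does not leak digest prefixes.
        if name != rec_name or not hmac.compare_digest(prev.hex(), rec_hex):
            return False, i
    return True, None


if __name__ == "__main__":
    chain = build_chain(SAMPLE_DAYS)
    print("intact:", verify_chain(SAMPLE_DAYS, chain))

    # Tamper with day 2: change one rule id in the stored log.
    tampered = list(SAMPLE_DAYS)
    name, data = tampered[1]
    tampered[1] = (name, data.replace(b"5716", b"5715"))
    print("after edit of day 2:", verify_chain(tampered, chain))

    # Drop the most recent day entirely (truncation is detected too).
    print("after removing day 3:", verify_chain(SAMPLE_DAYS[:2], chain))
```

Because every digest depends on all earlier days, an edit to day 2 changes the recorded values for day 2 and day 3 while day 1 is unaffected, so the first mismatch points at the earliest altered day. The chain only helps if the digests are kept where the attacker who can rewrite the log files cannot also rewrite them: export each day's digest off-host (for example in the daily report e-mail) rather than storing it beside the logs.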

We also completed a large re-design of the internal architecture of analysisd (the OSSEC process responsible for decoding and analysis), greatly improving performance and organization.

A list with all the new functionality and bug fixes is available at the Changelog.

Download the new version: http://www.ossec.net/en/downloads.html