{"id":116,"date":"2009-04-14T21:41:00","date_gmt":"2009-04-14T21:41:00","guid":{"rendered":"https:\/\/defragged.org\/ossec\/?p=116"},"modified":"2020-07-02T21:42:29","modified_gmt":"2020-07-02T21:42:29","slug":"ossec-to-twitter","status":"publish","type":"post","link":"https:\/\/defragged.org\/ossec\/2009\/04\/ossec-to-twitter\/","title":{"rendered":"OSSEC to Twitter"},"content":{"rendered":"\n

Want to see your OSSEC alerts on twitter<\/a>? We just added support for that on the latest snapshot<\/a>.<\/p>\n\n\n\n

To make it work, first update to the latest snapshot and add the following to your ossec.conf:<\/p>\n\n\n\n

<command>
<name>ossec-tweeter<\/name>
<expect><\/expect>
<executable>ossec-tweeter.sh<\/executable>
<\/command><\/p>

<active-response>
<command>ossec-tweeter<\/command>
<location>server<\/location>
<level>6<\/level>
<\/active-response><\/p><\/blockquote>\n\n\n\n

Where the first entry \u201ccommand\u201d<\/em> is defining the active response script and the second one \u201cactive-response\u201d<\/em> is configuring when to execute it. In my example above, I chose to execute it for every alert >= level 6. Note, that you can\u2019t run it on the individual agents, just on the management server.<\/p>\n\n\n\n

After that, you need to configure the twitter script with the appropriate credentials. So, open the file \/var\/ossec\/active-response\/bin\/ossec-tweeter.sh<\/strong> and modify the first 2 entries:<\/p>\n\n\n\n

TWITTERUSER=\u201dyouruser\u201d
TWITTERPASS=\u2019yourpass\u2019<\/p><\/blockquote>\n\n\n\n

If you want to send direct messages to yourself (or any other account), also set the direct msg user variable:<\/p>\n\n\n\n

DIRECTMSGUSER=\u201d”<\/p><\/blockquote>\n\n\n\n

After that, just restart OSSEC and wait for the updates. If you want some examples, check the ossec twitter page<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

Want to see your OSSEC alerts on twitter? We just added support for that on the latest snapshot. To make it work, first update to the latest snapshot and add the following to your ossec.conf: <command><name>ossec-tweeter<\/name><expect><\/expect><executable>ossec-tweeter.sh<\/executable><\/command> <active-response><command>ossec-tweeter<\/command><location>server<\/location><level>6<\/level><\/active-response> Where the first entry \u201ccommand\u201d is defining the active response script and the second one \u201cactive-response\u201d is configuring when to execute it. In my […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[2,5],"tags":[],"_links":{"self":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/116"}],"collection":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/comments?post=116"}],"version-history":[{"count":1,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/116\/revisions"}],"predecessor-version":[{"id":117,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/116\/revisions\/117"}],"wp:attachment":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/media?parent=116"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/categories?post=116"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/tags?post=116"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}