Tuesday, May 28, 2013

New Setup package configures OSSEC to send alerts to ELSA

Previously, when a user ran Setup and enabled ELSA, they would be able to log into ELSA and view OSSEC *archive* logs (the raw logs received by OSSEC) but they wouldn't be able to view OSSEC *alerts* (created based on OSSEC's analysis of the incoming logs as configured by the OSSEC ruleset).  I've pushed a new Setup package that will configure OSSEC to send alerts to local syslog if the user enables ELSA.  The new package has been tested by Matt Gregory.  Thanks, Matt!

If you've already run Setup and would like to configure OSSEC to send alerts to ELSA, please see:
https://code.google.com/p/security-onion/wiki/OSSECalertsToELSA

Updating
If you're performing a new installation, it's important to update your packages right after you've completed the Ubuntu installer and BEFORE running Setup.  You can initiate the upgrade process using the graphical Update Manager or using the following one-liner:
sudo apt-get update && sudo apt-get dist-upgrade
Upgrade Process
Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list and IRC channel.  Thanks!

No comments:

Search This Blog

Featured Post

Did You Know Security Onion Scales to the Enterprise?

Did you know Security Onion scales to the enterprise? Security Onion is designed to scale from simple standalone deployments all the way up ...

Popular Posts

Blog Archive