Tuesday, May 28, 2013

New Setup package configures OSSEC to send alerts to ELSA

Previously, when a user ran Setup and enabled ELSA, they would be able to log into ELSA and view OSSEC *archive* logs (the raw logs received by OSSEC) but they wouldn't be able to view OSSEC *alerts* (created based on OSSEC's analysis of the incoming logs as configured by the OSSEC ruleset).  I've pushed a new Setup package that will configure OSSEC to send alerts to local syslog if the user enables ELSA.  The new package has been tested by Matt Gregory.  Thanks, Matt!

If you've already run Setup and would like to configure OSSEC to send alerts to ELSA, please see:

If you're performing a new installation, it's important to update your packages right after you've completed the Ubuntu installer and BEFORE running Setup.  You can initiate the upgrade process using the graphical Update Manager or using the following one-liner:
sudo apt-get update && sudo apt-get dist-upgrade
Upgrade Process
If you have any questions or problems, please use our mailing list:

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:

We especially need help in answering support questions on the mailing list and IRC channel.  Thanks!

No comments:

Search This Blog

Featured Post

Sneak Peek: New Detections Feature coming in Security Onion 2.4.70!

Our latest video is a sneak peek at a NEW feature coming to our FREE and OPEN Security Onion platform in the upcoming 2.4.70 release! This n...

Popular Posts

Blog Archive