as22323
commented
7 years ago http://ossec-docs.readthedocs.io/en/latest/manual/output/syslog-output.html
install on Honey Pot as "local" install.
Update the following: vi /var/ossec/etc/ossec.conf
Open CUGCR opened 7 years ago
as22323
commented
7 years ago http://ossec-docs.readthedocs.io/en/latest/manual/output/syslog-output.html
install on Honey Pot as "local" install.
Update the following: vi /var/ossec/etc/ossec.conf
as22323
commented
7 years ago list of changes & important sections in ossec.conf:
<ossec_config>
.
.
.
<!-- GCRxx email credentials and output type(i.e. json) -->
<global>
<email_notification>yes</email_notification>
<email_to>xxx@xxx.ca</email_to>
<smtp_server>xx.xxx.com</smtp_server>
<email_from>xxxx@xxxx</email_from>
<jsonout_output>yes</jsonout_output>
</global>
<!-- GCRxx where to send alerts-->
<syslog_output>
<server>10.xxx.xxx.xxx</server>
<port>xxxx</port>
</syslog_output>
<syslog_output>
<server>xxxx.228.213.xxxx</server>
<port>xxxx</port>
</syslog_output>
<!-- ASxx https://blog.wazuh.com/configure-ossec-to-report-changes-in-the-content-of-a-text-file/ -->
.
.
.
<auto_ignore>no</auto_ignore>
<!-- Directories to check (perform all possible verifications) -->
<directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
<directories check_all="yes">/bin,/sbin,/boot</directories>
.
.
.
<alerts>
<log_alert_level>1</log_alert_level>
<email_alert_level>7</email_alert_level>
</alerts>
.
.
.
<ossec_config>
http://ossec-docs.readthedocs.io/en/latest/manual/installation/install-source-unattended.html