Abstract
The OSSEC HIDS main configuration file, named ossec.conf, is an XML-based file that contains several sections and tags for configuring logging and alerting options, rule and log files, integrity checking and agents. To be able to fully use the OSSEC HIDS, one must have a thorough understanding of how the ossec.conf file is used. With the ossec.conf file, one can set specific alerts to email specific people and log the alerts to a database for further analysis. For best support and response, the ossec.conf file can be set up for email notifications to a cell phone or pager using SMS. The OSSEC HIDS can also be configured to read other, typically operating system specific, local log files. One simply specifies the log format and file location in the <localfile> tag of the ossec.conf file to include a file for monitoring. Because the OSSEC HIDS agent does not perform any analysis or processing of alerts, one must use the <server-ip> or <server-hostname> and <port> tags to indicate where the agent events are sent. These values represent the IP address and port of the OSSEC HIDS server.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
