Easing analysis with a GUI
The realtime power of OSSEC lies with the e-mail alerts it throws out. Don't turn this off! The thing is, for many of us at least, we don't want to be tied to yet another ruddy interface and it's relatively easy to scan e-mails, paying attention to a higher-rated alert.
Then again, GUIs are useful, as much as anything for learning the hackscape, and not least about your system, but also for slicing and dicing potential attack routes to shore up.
So have one. You've got options.
OSSEC-WUI
OSSEC-WUI is feather-weight on resource, but limited on reports. It doesn't have built-in authentication, that login thing, so you'll need to harden the installation using techniques such as htaccess and auth_digest, both of which we got bored of in Chapter 5:
OSSEC-WUI – http://ossec.net/wiki/OSSECWUI:Install
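As an added example (not from the book or the OSSEC project), this is the sort of `.htaccess` that puts Digest authentication in front of the WUI directory; the realm name, file paths and admin LAN range are assumptions, and the directory needs `AllowOverride AuthConfig Limit` in the main Apache config for the file to be honoured:

```apacheconf
# .htaccess in the OSSEC-WUI web root (assumed /var/www/ossec-wui)
# Requires mod_auth_digest (a2enmod auth_digest) and mod_ssl.
# Create the credential file first; the realm must match AuthName below:
#   htdigest -c /etc/apache2/.ossec-wui.digest "OSSEC WUI" analyst

# Digest auth hashes the password rather than sending it in clear,
# but the session itself still belongs on HTTPS.
SSLRequireSSL

AuthType Digest
AuthName "OSSEC WUI"
AuthDigestProvider file
AuthUserFile /etc/apache2/.ossec-wui.digest

# Apache 2.4: demand BOTH a valid login and an admin-LAN source address
# (assumed 192.168.1.0/24); with plain stacked Require lines either would do.
<RequireAll>
    Require valid-user
    Require ip 192.168.1.0/24
</RequireAll>
```

Keep the digest file outside the web root so it can never be served, and check `apachectl configtest` after editing, since a syntax slip here leaves the WUI wide open rather than locked.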
Splunk
Many say Splunk is overkill and, if you're happy with alerts and skimming logs in plain text, maybe it is. Then again, for most of us, and I suspect especially for us WordPress...