Using OSSEC
Start OSSEC and say ciao to root. To start, stop, or restart the program, respectively:
/var/ossec/bin/ossec-control [start/stop/restart]
exit
Gauge your settings in /var/ossec/etc/ossec.conf, spewed out in easy-read XML. Having edited it, you'll have to restart the app. The main thing is to ensure that all your key log files are being tracked usefully by OSSEC while weeding out false positive alerts.
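Here is what those two jobs look like in practice. This is an added example, not the book's own text nor anything shipped by the OSSEC project: the log paths assume a Debian/Ubuntu host running Apache, the scanner address is a constructed one from the documentation range, rule id 100001 sits in the range OSSEC reserves for local rules, and 5710 is the stock sshd "non-existent user" rule.

```xml
<!-- 1) /var/ossec/etc/ossec.conf: point OSSEC at the log files that matter.
        Paths below are assumed for a Debian/Ubuntu web host. -->
<ossec_config>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/auth.log</location>
  </localfile>
  <localfile>
    <log_format>apache</log_format>
    <location>/var/log/apache2/access.log</location>
  </localfile>
  <localfile>
    <log_format>apache</log_format>
    <location>/var/log/apache2/error.log</location>
  </localfile>
</ossec_config>

<!-- 2) /var/ossec/rules/local_rules.xml: weed out one known false positive.
        A child rule that matches stock rule 5710 (sshd login with a
        non-existent user) only when the source is your own scanner
        (192.0.2.10 is a constructed address) drops the alert to level 0.
        Anyone else triggering 5710 still alerts at its normal level. -->
<group name="local,syslog,">
  <rule id="100001" level="0">
    <if_sid>5710</if_sid>
    <srcip>192.0.2.10</srcip>
    <description>Ignore non-existent-user SSH noise from the internal scanner</description>
  </rule>
</group>
```

Run /var/ossec/bin/ossec-control restart after saving either file, then check /var/ossec/logs/alerts/alerts.log to confirm the new log sources appear and the suppressed alert no longer does.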
Note
Refer to Chapter 9's logs section for the over-excitement that is real-time data analysis.
We must move on. This has been a brief introduction. Have some compensation:
The Everything – http://ossec.net/main/manual