Welcome, Guest. Please login or register.
Did you miss your activation email?
Sunday 08 December 2024, 04:46:18 am

Login with username, password and session length

Visit the official Endian Community Mailinglist  HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Development
| |-+  Contribute Your Customisations & Modifications
| | |-+  Ossec 2.6 Agent for Endian 2.51
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Ossec 2.6 Agent for Endian 2.51  (Read 29698 times)
martman22
Full Member
***
Offline Offline

Posts: 27


« on: Friday 13 April 2012, 10:49:31 pm »

I compiled the ossec version 2.6 security agent for Endian 2.51. Works great.

You may want to create a rule to ignore the squid access log  in your ossec.conf file
<ignore>/var/log/squid/access.log</ignore> to prevent a lot of excessive reporting,
unless you want to monitor web access.

Here are the install instructions:

•   Copy  file “endian-ossec.tar” to “var” directory on server.
•   Untar file “tar xvf endian-ossec.tar”
•   Run command “adduser  ossec”
•   Run command “chgrp ossec /var/ossec –R”
•   Copy file “ossec” startup script  to /etc/init.d directory
•   Run command “chmod 755 ossec”
•   Run command “chkconfig ossec on”
•   Copy file “ossec-init.conf” to /etc directory.
•   Change date reference in file.
•   Run ./manage-agents
•   Add ossec agent to ossec server monitoring
•   Modify master server IP in /var/ossec/etc/ossec.conf
•   Create  System Access firewall rule in endian for  TCP & port 1514
•   Run  command “/etc/init.d/ossec start”.

Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.063 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com