Title: Ossec 2.6 Agent for Endian 2.51
Post by: martman22 on Friday 13 April 2012, 10:49:31 pm

I compiled the ossec version 2.6 security agent for Endian 2.51. Works great.
You may want to create a rule to ignore the squid access log in your ossec.conf file <ignore>/var/log/squid/access.log</ignore> to prevent a lot of excessive reporting, unless you want to monitor web access.

Here are the install instructions:
• Copy file “endian-ossec.tar” to “var” directory on server.
• Untar file “tar xvf endian-ossec.tar”
• Run command “adduser ossec”
• Run command “chgrp ossec /var/ossec -R”
• Copy file “ossec” startup script to /etc/init.d directory
• Run command “chmod 755 ossec”
• Run command “chkconfig ossec on”
• Copy file “ossec-init.conf” to /etc directory.
• Change date reference in file.
• Run ./manage-agents
• Add ossec agent to ossec server monitoring
• Modify master server IP in /var/ossec/etc/ossec.conf
• Create System Access firewall rule in Endian for TCP & port 1514
• Run command “/etc/init.d/ossec start”.
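
A post-install check for the steps listed in the post above, as an added example that is not part of the original post or of OSSEC itself. The function name check_ossec_agent and its ROOT and GROUP arguments are assumptions made for illustration; ROOT lets the check run against a copy of the tree instead of the live firewall.

```shell
#!/bin/sh
# Added example: verifies the agent layout the install steps should leave behind.
# check_ossec_agent [ROOT] [GROUP]
#   ROOT  - path prefix (assumption: empty for the live system, a temp dir for a dry run)
#   GROUP - group expected on /var/ossec (default "ossec", from the chgrp step)
check_ossec_agent() {
    root=${1:-}
    group=${2:-ossec}
    conf="$root/var/ossec/etc/ossec.conf"
    fail=0

    # chgrp step: /var/ossec must belong to the ossec group
    actual=$(ls -ld "$root/var/ossec" 2>/dev/null | awk '{print $4}')
    if [ "$actual" != "$group" ]; then
        echo "FAIL: /var/ossec group is '${actual:-missing}', expected '$group'"
        fail=1
    fi

    # chmod 755 step: the startup script must be executable
    if [ ! -x "$root/etc/init.d/ossec" ]; then
        echo "FAIL: /etc/init.d/ossec is missing or not executable"
        fail=1
    fi

    # ossec-init.conf must have been copied to /etc
    if [ ! -f "$root/etc/ossec-init.conf" ]; then
        echo "FAIL: /etc/ossec-init.conf not found"
        fail=1
    fi

    # master server IP step: <server-ip> must hold a value
    ip=$(sed -n 's:.*<server-ip>\([^<]*\)</server-ip>.*:\1:p' "$conf" 2>/dev/null | head -n 1)
    if [ -z "$ip" ]; then
        echo "FAIL: no <server-ip> value in $conf"
        fail=1
    fi

    # the squid exclusion is optional in the post, so only warn about it
    if ! grep -qF '<ignore>/var/log/squid/access.log</ignore>' "$conf" 2>/dev/null; then
        echo "WARN: squid access.log is not ignored in $conf"
    fi

    return "$fail"
}
```

Call it as `check_ossec_agent` on the firewall itself before running “/etc/init.d/ossec start”; a non-zero return status means at least one FAIL line was printed.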