EFW Support

Development => Contribute Your Customisations & Modifications => Topic started by: martman22 on Friday 13 April 2012, 10:49:31 pm



Title: Ossec 2.6 Agent for Endian 2.51
Post by: martman22 on Friday 13 April 2012, 10:49:31 pm
I compiled the ossec version 2.6 security agent for Endian 2.51. Works great.

You may want to create a rule to ignore the squid access log in your ossec.conf file
<ignore>/var/log/squid/access.log</ignore> to prevent a lot of excessive reporting,
unless you want to monitor web access.

Here are the install instructions:

•   Copy file “endian-ossec.tar” to “var” directory on server.
•   Untar file “tar xvf endian-ossec.tar”
•   Run command “adduser ossec”
•   Run command “chgrp ossec /var/ossec -R”
•   Copy file “ossec” startup script to /etc/init.d directory
•   Run command “chmod 755 ossec”
•   Run command “chkconfig ossec on”
•   Copy file “ossec-init.conf” to /etc directory.
•   Change date reference in file.
•   Run ./manage-agents
•   Add ossec agent to ossec server monitoring
•   Modify master server IP in /var/ossec/etc/ossec.conf
•   Create System Access firewall rule in Endian for TCP & port 1514
•   Run command “/etc/init.d/ossec start”.
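
A post-install check for the steps listed above, added here as an example and not part of the original post or the OSSEC package. The function name `check_ossec_agent` and its root-prefix argument are assumptions for illustration; the file paths are those named in the post, plus `/var/ossec/etc/client.keys`, where `manage-agents` stores the imported agent key.

```shell
#!/bin/sh
# Added example: sanity check for the agent layout the install steps produce.
# ROOT lets the check run against a staging copy; pass "/" on the firewall itself.
check_ossec_agent() {
    root=${1%/}
    fails=0
    conf="$root/var/ossec/etc/ossec.conf"
    keys="$root/var/ossec/etc/client.keys"
    init="$root/etc/init.d/ossec"

    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

    # Startup script copied to /etc/init.d and set to mode 755.
    [ -n "$(find "$init" -perm 755 2>/dev/null)" ] \
        || fail "$init missing or not mode 755"

    # ossec-init.conf copied to /etc.
    [ -s "$root/etc/ossec-init.conf" ] \
        || fail "$root/etc/ossec-init.conf missing or empty"

    # manage-agents writes the imported agent key to client.keys.
    [ -s "$keys" ] || fail "$keys missing or empty (agent key not imported)"

    # Master server address set in ossec.conf.
    grep -Eq '<server-ip>[0-9]+(\.[0-9]+){3}</server-ip>' "$conf" 2>/dev/null \
        || fail "$conf has no IPv4 <server-ip> entry"

    # Optional: the squid access log exclusion suggested in the post.
    grep -Fq '<ignore>/var/log/squid/access.log</ignore>' "$conf" 2>/dev/null \
        || echo "NOTE: squid access.log is not ignored in $conf"

    # Exit status is the number of failed checks (0 means all passed).
    return "$fails"
}

# Run only when a root directory is given on the command line.
if [ "$#" -gt 0 ]; then check_ossec_agent "$1"; fi
```

Save it as a script and run it with `/` as the argument after the last install step; a non-zero exit status is the number of failed checks.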