gentuxx <[EMAIL PROTECTED]> writes:

> Depending on what your requirements are, try OSSEC-HIDS
> (www.ossec.net). I've been using it for a couple weeks now and it's
> pretty handy. The longer I use it, the more I add to it, the better it
> is. Unfortunately there isn't an ebuild for it (yet). But it's really
> easy to install. Plus it does a lot more than just log monitoring.

You say it is easy to install and so it is, but once installed it isn't at all clear what this thing does. I'm guessing somewhere in all the hoopla it presents you with some analysis of logs. It's not one bit clear from their site how to get to that point.

Sorry for the rant but I was sort of surprised to find no real overview that tells what this tool does in some detail. This is the overview on the home page:

  OSSEC HIDS is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, rootkit detection, time-based alerting and active response.

After that there is a manual that describes running the tool, but I never see any detailed summary of what it really does and how to access the analysis.

I've gone way OT here but I hoped you might write to me privately and describe in some detail what you do with it...

--
gentoo-user@gentoo.org mailing list