OSPatrol
Index
Symbols
-a
agent_control command line option
clear_stats command line option
manage_agents command line option
ospatrol-logtest command line option
syscheck_update command line option
-A <agent_name>
agent-auth command line option
-c
manage_agents command line option
-c <config>
ospatrol-agentd command line option
ospatrol-analysisd command line option
ospatrol-csyslogd command line option
ospatrol-dbd command line option
ospatrol-execd command line option
ospatrol-logcollector command line option
ospatrol-logtest command line option
ospatrol-maild command line option
ospatrol-makelists command line option
ospatrol-monitord command line option
ospatrol-remoted command line option
ospatrol-syscheckd command line option
-D
agent-auth command line option
-d
clear_stats command line option
ospatrol-agentd command line option
ospatrol-analysisd command line option
ospatrol-authd command line option
ospatrol-csyslogd command line option
ospatrol-dbd command line option
ospatrol-execd command line option
ospatrol-logcollector command line option
ospatrol-logtest command line option
ospatrol-maild command line option
ospatrol-makelists command line option
ospatrol-monitord command line option
ospatrol-remoted command line option
ospatrol-syscheckd command line option
syscheck_control command line option
-D <dir>
ospatrol-agentd command line option
ospatrol-analysisd command line option
ospatrol-csyslogd command line option
ospatrol-dbd command line option
ospatrol-execd command line option
ospatrol-logcollector command line option
ospatrol-logtest command line option
ospatrol-maild command line option
ospatrol-makelists command line option
ospatrol-monitord command line option
ospatrol-remoted command line option
ospatrol-syscheckd command line option
-e <agent_id>
manage_agents command line option
-f
ospatrol-agentd command line option
ospatrol-csyslogd command line option
ospatrol-dbd command line option
ospatrol-execd command line option
ospatrol-logcollector command line option
ospatrol-maild command line option
ospatrol-makelists command line option
ospatrol-monitord command line option
ospatrol-syscheckd command line option
-f <file>
manage_agents command line option
-f <file>
syscheck_control command line option
-f <filter> <value>
ospatrol-reportd command line option
-g <group>
ospatrol-agentd command line option
ospatrol-csyslogd command line option
ospatrol-dbd command line option
ospatrol-logtest command line option
ospatrol-maild command line option
ospatrol-makelists command line option
ospatrol-monitord command line option
ospatrol-remoted command line option
-h
agent-auth command line option
agent_control command line option
clear_stats command line option
manage_agents command line option
ospatrol-agentd command line option
ospatrol-analysisd command line option
ospatrol-csyslogd command line option
ospatrol-dbd command line option
ospatrol-execd command line option
ospatrol-logcollector command line option
ospatrol-logtest command line option
ospatrol-maild command line option
ospatrol-makelists command line option
ospatrol-monitord command line option
ospatrol-remoted command line option
ospatrol-reportd command line option
ospatrol-syscheckd command line option
rootcheck_control command line option
syscheck_control command line option
syscheck_update command line option
-i
ospatrol-authd command line option
-i <agent_id>
agent_control command line option
rootcheck_control command line option
syscheck_control command line option
-i <key>
manage_agents command line option
-L
rootcheck_control command line option
-l
agent_control command line option
manage_agents command line option
rootcheck_control command line option
syscheck_control command line option
syscheck_update command line option
-lc
agent_control command line option
rootcheck_control command line option
syscheck_control command line option
-m <manager_ip>
agent-auth command line option
-n
manage_agents command line option
-n <string>
ospatrol-reportd command line option
-p <port>
agent-auth command line option
ospatrol-authd command line option
-q
rootcheck_control command line option
-r
agent_control command line option
rootcheck_control command line option
-r -i
syscheck_control command line option
-R <agent_id>
agent_control command line option
-r <filter> <value>
ospatrol-reportd command line option
-s
ospatrol-reportd command line option
rootcheck_control command line option
syscheck_control command line option
-t
ospatrol-agentd command line option
ospatrol-analysisd command line option
ospatrol-csyslogd command line option
ospatrol-dbd command line option
ospatrol-execd command line option
ospatrol-logcollector command line option
ospatrol-logtest command line option
ospatrol-maild command line option
ospatrol-monitord command line option
ospatrol-remoted command line option
ospatrol-syscheckd command line option
-u <agent_id>
agent_control command line option
syscheck_control command line option
syscheck_update command line option
-u <id>
rootcheck_control command line option
-u <user>
ospatrol-agentd command line option
ospatrol-csyslogd command line option
ospatrol-dbd command line option
ospatrol-logtest command line option
ospatrol-maild command line option
ospatrol-makelists command line option
ospatrol-monitord command line option
ospatrol-remoted command line option
-u all
rootcheck_control command line option
syscheck_control command line option
-u local
syscheck_update command line option
-V
manage_agents command line option
ospatrol-agentd command line option
ospatrol-analysisd command line option
ospatrol-csyslogd command line option
ospatrol-dbd command line option
ospatrol-execd command line option
ospatrol-logcollector command line option
ospatrol-logtest command line option
ospatrol-maild command line option
ospatrol-makelists command line option
ospatrol-monitord command line option
ospatrol-remoted command line option
ospatrol-syscheckd command line option
-v
ospatrol-logtest command line option
-w
clear_stats command line option
-z
syscheck_control command line option
A
active-response
agent-auth command line option
-A <agent_name>
-D
-h
-m <manager_ip>
-p <port>
agent.debug
agent_config
agent_config_options
agent_control command line option
-R <agent_id>
-a
-h
-i <agent_id>
-l
-lc
-r
-u <agent_id>
agent_id
agentless
alerts
alias
allowed-ips
analysisd.debug
analysisd.default_timeframe
analysisd.fts_list_size
analysisd.fts_min_size_for_str
analysisd.log_fw
analysisd.stats_maxdiff
analysisd.stats_mindiff
analysisd.stats_percent_diff
arguments
B
base_directory
C
categories
category
check_dev
check_diff
check_files
check_if
check_pids
check_policy
check_ports
check_sys
check_trojans
check_unixaudit
check_winapps
check_winaudit
check_winmalware
clear_stats command line option
-a
-d
-h
-w
command
connection
custom_alert_output
D
database
database_output
dbd.reconnect_attempts
decoded_as
decoder
decoder.fts
decoder.ftscomment
decoder.order
decoder.parent
decoder.prematch
decoder.program_name
decoder.regex
decoder_dir
deny-ips
description
disabled
do_not_delay
do_not_group
dstip
E
email_alert_level
email_alerts
email_from
email_maxperhour
email_notification
email_to
event_location
executable
expect
F
format
frequency
G
geoip_db_path
global
group
H
HIDS
host
host_infomation
hostname
I
id
if_group
if_level
if_matched_group
if_matched_level
if_matched_sid
if_sid
include
info
ipv6
L
level
LIDS
list
local_ip
localfile
location
log_alert_level
log_format
logall
logcollector.loop_timeout
logcollector.open_attempts
logcollector.remote_commands=0
M
maild.full_subject
maild.geoip
maild.groupping
maild.strict_checking
manage_agents command line option
-V
-a
-c
-e <agent_id>
-f <file>
-h
-i <key>
-l
-n
match
memory_size
monitord.compress
monitord.day_wait
monitord.monitor_agents
monitord.sign
N
name
notify_time
O
options
os
ospatrol-agentd command line option
-D <dir>
-V
-c <config>
-d
-f
-g <group>
-h
-t
-u <user>
ospatrol-analysisd command line option
-D <dir>
-V
-c <config>
-d
-h
-t
ospatrol-authd command line option
-d
-i
-p <port>
ospatrol-csyslogd command line option
-D <dir>
-V
-c <config>
-d
-f
-g <group>
-h
-t
-u <user>
ospatrol-dbd command line option
-D <dir>
-V
-c <config>
-d
-f
-g <group>
-h
-t
-u <user>
ospatrol-execd command line option
-D <dir>
-V
-c <config>
-d
-f
-h
-t
ospatrol-logcollector command line option
-D <dir>
-V
-c <config>
-d
-f
-h
-t
ospatrol-logtest command line option
-D <dir>
-V
-a
-c <config>
-d
-g <group>
-h
-t
-u <user>
-v
ospatrol-maild command line option
-D <dir>
-V
-c <config>
-d
-f
-g <group>
-h
-t
-u <user>
ospatrol-makelists command line option
-D <dir>
-V
-c <config>
-d
-f
-g <group>
-h
-u <user>
ospatrol-monitord command line option
-D <dir>
-V
-c <config>
-d
-f
-g <group>
-h
-t
-u <user>
ospatrol-remoted command line option
-D <dir>
-V
-c <config>
-d
-g <group>
-h
-t
-u <user>
ospatrol-reportd command line option
-f <filter> <value>
-h
-n <string>
-r <filter> <value>
-s
ospatrol-syscheckd command line option
-D <dir>
-V
-c <config>
-d
-f
-h
-t
P
password
picviz_output
picviz_socket
port
prelude_output
profile
program_name
protocol
R
regex
remote
remoted.comp_average_printout
remoted.debug
remoted.recv_counter_flush
remoted.verify_msg_id
repeated_offenders
reports
rootcheck_control command line option
-L
-h
-i <agent_id>
-l
-lc
-q
-r
-s
-u <id>
-u all
rootkit_files
rootkit_trojans
rule
rule_dir
rule_id
rules_group
rules_id
S
same_dst_port
same_location
same_source_ip
same_source_port
scanall
server
server-hostname
server-ip
showlogs
smtp_server
srcip
state
stats
syscheck.sleep
syscheck.sleep_after
syscheck_control command line option
-d
-f <file>
-h
-i <agent_id>
-l
-lc
-r -i
-s
-u <agent_id>
-u all
-z
syscheck_update command line option
-a
-h
-l
-u <agent_id>
-u local
syslog_output
system_audit
T
time
timeout
timeout_allowed
title
type
U
url
use_geoip
user
username
W
weekday
white_list
windows.debug
windows_apps
windows_audit
windows_malware