Manual
Getting started with OSPatrol
  Key Benefits
  Key Features
OSPatrol Architecture
  Manager
  Agents
  Agentless
  Virtualization/VMware
  Firewalls, switches and routers
  Internal Architecture
  Support
Supported Systems
  Operating Systems
  Devices supported via Syslog
  Devices and Operating Systems via Agentless
Installation
  OSPatrol HIDS Manager/Agent Installation
  OSPatrol HIDS agentless Installation
  OSPatrol HIDS Binary installation
  OSPatrol Updates
  External installation documents
Agents
  Managing Agents
  Agent systems behind NAT or with dynamic IPs (DHCP)
  Centralized agent configuration
  Agentless Monitoring
  Writing Agentless Scripts
Log monitoring/analysis
  What is log analysis?
  Quick Facts
  Configuration Options
  Monitoring logs
Syscheck
  Why Integrity checking?
  Quick facts
  Realtime options
  Configuration options
  Configuration Examples
  Real time Monitoring
  Report Changes
  Syscheck: FAQ
Rootcheck Manual
  Rootcheck
  Understanding the Unix policy auditing on OSSEC
Rules and Decoders
  Testing OSSEC rules/decoders
  CDB List lookups from within Rules
  Create Custom decoder and rules
  Directory path loading of rules and decoders
  Rules Classification
  Rules Group
Output and Alert options
  Sending alerts via syslog
  Sending alerts via E-Mail
  Sending output to a Database
  Sending output to prelude
  Sending alerts to picviz
Active Response
  Creating Customized Active Responses
  UNIX: Active Response Configuration
  Windows: Active Response Configuration
  Understanding Active Response with FreeBSD