All, I'm been looking at the OSSEC documentation and can't get my head around how to utilize the CDB feature.
I was hoping to create a mapping of the authorized usernames for each IP/host. Upon a sid related to login, I want to verify the user is authorized for that IP. If not, I want to generate an alert. As I mentioned, I've read the OSSEC documentation but still can't figure things out. I've also read the past OSSEC User Group postings. Can someone post a brief example of a setup that does something similar to what I need so I have a model for implementing this? Thanks, Chris Sent from my iPhone
