I'm sorry for any confusion. There are vague references for being able to write scripts for use with CW that do things like monitor specific files, and logs such as system logs and Apache logs. I cannot find any hard examples or anecdotal info.
I am having good success doing the monitoring, and wanted to install this POC in the company's cloud, and met a wall of: "Well we pay for cloudwatch, why do we need OSSEC?". What I was hoping for here is something definitive like, use Cloudwatch for this, and it's better to use OSSEC for this... (as mentioned, AWS mentions ossec in a best practice doc for intrusion monitoring but not event/log analysis).

________________________________
From: dan (ddp) <[email protected]>
To: [email protected]
Sent: Thursday, September 27, 2012 12:59 PM
Subject: Re: [ossec-list] OSSEC vs AWS Cloudwatch..or Cloudwatch with OSSEC?

On Thu, Sep 27, 2012 at 3:55 PM, T STONE <[email protected]> wrote:
> Yes, true. While I have Ossec monitoring systems in a non-AWS environment
> and alerting properly, there is some idea that AWS can also provide that
> functionality. From what I have seen, the move would be to use them
> together.
>
> I was hoping there was someone here that has some personal experience with
> it and might offer some insight.
>

It'd be great if you explained what part of cloudwatch you think is comparable to OSSEC. I haven't seen anything that provides any of the OSSEC functionality so far...

> ________________________________
> From: dan (ddp) <[email protected]>
> To: [email protected]
> Sent: Thursday, September 27, 2012 12:50 PM
> Subject: Re: [ossec-list] OSSEC vs AWS Cloudwatch..or Cloudwatch with OSSEC?
>
> On Thu, Sep 27, 2012 at 3:44 PM, tstoneami <[email protected]> wrote:
>> Hi Folks;
>>
>> My company is close to deploying a web site on AWS, and has Cloudwatch
>> enabled. From everything I have seen so far, CW does some basic system
>> monitoring out of the box, and you can write custom scripts to do more -
>> although I haven't located the docs for that yet...
>>
>> My question: Can anyone recommend a course of action? I have seen AWS
>> recommend OSSEC for intrusion detection as a best practice, but not for
>> log analysis.
>> Is there any knowledge out there on this? Has anyone used OSSEC
>> in combination with Cloudwatch?
>>
>> Thanks for any input,
>>
>> Troy
>>
>
> I must be missing something, because these features don't seem to be
> competing with OSSEC in any way: http://aws.amazon.com/cloudwatch/
