Take a look at "Security-Onion"

This combines tools like Snort and OSSEC and brings them into a single 
platform. There is also a "SecurityOnion" for Splunk that expands on this 
idea.

-K

On Wednesday, December 12, 2012 10:56:49 AM UTC-8, Leonardo Pezente wrote:
>
> I'm a noob in OSSEC, but I think it was a good idea to have it on my NIDS 
> machine.
> It is already running, and now I want it to send an e-mail about possible 
> problems that it and my NIDS (Snort) detect, but I have no idea how to do 
> that.
> I have Snort send alerts to my syslog, and I set the syscheck to 1 hour.
> I have created an e-mail just for that, and I have changed the global to 
> send e-mail.
> So, will it send e-mail every one hour, or do I have to do something more?
>
