Difference between revisions of "Monitoring a local file using OSSEC Integration"

From khika
Jump to navigation Jump to search
Line 2: Line 2:
  
 
KHIKA integrates closely with OSSEC to monitor application logs in real time. This section explains how to use OSSEC to monitor the application logs. We begin with broad level steps and then dive deep into each step so that we explain the methodology and the intricate details associated with it. At a broad level you perform following steps
 
KHIKA integrates closely with OSSEC to monitor application logs in real time. This section explains how to use OSSEC to monitor the application logs. We begin with broad level steps and then dive deep into each step so that we explain the methodology and the intricate details associated with it. At a broad level you perform following steps
*Install an OSSEC Agent on the end node [[KHIKA_App_for_Linux#Installing_OSSEC_Agent_for_Linux|Linux]]
+
*Install an OSSEC Agent on the end node. [[KHIKA_App_for_Linux#Installing_OSSEC_Agent_for_Linux|Linux]] or [[KHIKA_App_for_Windows#Installing_OSSEC_Agent_for_Windows|Windows]]
 
*Configure the OSSEC Agent to monitor the file
 
*Configure the OSSEC Agent to monitor the file
 
*Parse the file using extensible KHIKA Adapter for OSSEC
 
*Parse the file using extensible KHIKA Adapter for OSSEC

Revision as of 12:44, 31 May 2019

In addition to event logs or syslogs, a lot of local files are created by various applications. These files reside on the hosts/servers where they are created and contain wealth of information, valuable for both security and operational intelligence. The application logs are useful for debugging or capturing run time errors/exception during production. It is imperative to monitor local files for gaining actionable insights, real time alerting, correlations and forensic debugging.

KHIKA integrates closely with OSSEC to monitor application logs in real time. This section explains how to use OSSEC to monitor the application logs. We begin with broad level steps and then dive deep into each step so that we explain the methodology and the intricate details associated with it. At a broad level you perform following steps

  • Install an OSSEC Agent on the end node. Linux or Windows
  • Configure the OSSEC Agent to monitor the file
  • Parse the file using extensible KHIKA Adapter for OSSEC
  • Set any enrichmen rules
  • Set the index in Elastic Search
  • Define alerts and dashboards
  • Define alerts and correlations