Output and Alert options

Contents:

• Sending alerts via syslog
  • Configuration options
  • Enabling Syslog output
• Sending alerts via E-Mail
  • Alerts to a single E-Mail Address
  • Granular E-Mail alerts to many E-Mail addresses
  • Daily E-Mail Reports
• Storing alerts as JSON
  • Configuration
  • Enabling json output
• Sending output to a Database
  • Configuration options
  • Enabling Database Support
  • Enable Database output in the configuration
  • Database Specific Setup
• Daily E-Mail Reports
  • Configuration options
  • Receive a summary of all authentication success alerts
  • Receive summary of all File integrity monitoring alerts
• Sending output to prelude
  • Enabling Prelude Support
  • Enable Prelude output in the configuration
  • Prelude extra options

Overview:

OSSEC includes a number of ways to send alerts to other systems or applications. Syslog, email, and sending the alerts to an SQL database are the typical methods. These output methods send only alerts, not full log data. Since the agents do not generate alerts, these options are server side only.