OSSEC - Anyone tried it?
-
Recently I learned about OSSEC, which touts itself as "a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS)."
Has anyone heard of this or used it before? I know Snort is kind of the de facto open source IDS - it looks like OSSEC's main strengths over Snort are its focus on central management and low resource usage on endpoint systems, which are two things I like the sound of.
Thought it might be good to check in with you guys before devoting a weekend to getting it up and running.
-
I have it installed. Just dropped the forwarder on the firewall so far, so it alerts me whenever something gets by the first box... no alerts so far (I'd knock on wood if I could).