From OSSEC Wiki

Jump to: navigation, search

Supported log formats

Ossec supports the following log formats (rules id grouping):

  • Unix-only:
    • Unix Pam
    • sshd (OpenSSH)
    • Solaris telnetd
    • Samba
    • Su
    • Sudo
    • Xinetd
    • Adduser/deluser/etc
    • Cron/Crontab
    • Solaris BSM Auditing
    • Dpkg (Debian package) logs
  • FTP servers:
    • Proftpd
    • Pure-ftpd
    • vsftpd
    • Microsoft FTP server
    • Solaris ftpd
  • Mail servers:
    • Imapd and pop3d
    • Postfix
    • Sendmail
    • vpopmail
    • Microsoft Exchange
    • Courier imapd/pop3d/pop3-ssl
    • SMF-SAV (Sendmail Sender Address Validator)
    • Procmail
    • Mailscanner
  • Web servers:
    • Apache web server (access log and error log)
    • IIS 5/6 web server (NSCA and W3C extended)
    • Zeus web server
  • Web applications:
    • Horde imp
    • Modsecurity
  • Firewalls:
    • Iptables firewall
    • Shorewall (iptables-based) firewall
    • Solaris ipfilter firewall
    • AIX ipsec/firewall
    • Netscreen firewall
    • Windows firewall
    • Cisco PIX/ASA/FWSM
    • SonicWall firewall
    • Checkpoint firewall
  • Databases:
    • MySQL
    • PostgreSQL
  • NIDS:
    • Cisco IOS IDS/IPS module
    • Snort IDS (snort full, snort fast and snort syslog)
    • Dragon NIDS
    • Checkpoint Smart defense
  • Security tools:
    • Symantec Anti Virus
    • Symantec Web Security
    • Nmap
    • Arpwatch
  • Others:
    • Named (bind)
    • Squid proxy
    • Bluecoat proxy
    • Cisco VPN Concentrator
    • Cisco IOS routers
    • Asterisk
  • Windows event logs (logins, logouts, audit information, etc)
  • Windows Routing and Remote Access logs
  • Generic unix authentiction (adduser, logins, etc)


Retrieved from "http://ossec.net/wiki/index.php/Supported-Logs"
Views
Personal tools