OSSEC can monitor more than just logfiles; it can also monitor the output of commands. OSSEC can leverage its log analysis engine using rules and decoders to alert when a command outputs a certain string. OSSEC can also leverage its file integrity monitoring facilities to alert when the output of a command changes from the previous run. We'll look at a few examples where this might be useful.
OSSEC treats command output as log entries. OSSEC has two options for command monitoring: command and full_command. The difference is how OSSEC handles the output. When using the command variation, every line of output is treated as an individual log entry and analyzed independently. When using the full_command ...
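An agent configuration that uses both variants, together with a server rule for each, as an added example that is not from the original page or from OSSEC's shipped configuration. It assumes the stock `ossec` decoder and parent rule 530 from ossec_rules.xml, which handle the `ossec: output: '<command>':` prefix the agent puts in front of command output; the rule ids 100100 and 100101, the commands, the 360-second frequency and the descriptions are choices made for this example.

```xml
<!-- Added example, not from the original page or from OSSEC's own config files.
     Agent side: ossec.conf. Commands and intervals are assumptions. -->
<ossec_config>
  <!-- command: each line of output becomes its own event, so a pattern that
       appears in a single line (one partition row reading 100%) can be matched
       by a rule without caring what the other lines say. -->
  <localfile>
    <log_format>command</log_format>
    <command>df -P</command>
    <frequency>360</frequency>   <!-- seconds between runs -->
  </localfile>

  <!-- full_command: the complete output is delivered as one event, which is
       what check_diff (in the rule below) compares against the previous run.
       Piping through sort keeps the output order stable so that only a real
       change in the listening ports produces a difference. -->
  <localfile>
    <log_format>full_command</log_format>
    <command>netstat -tln | sort</command>
    <frequency>360</frequency>
  </localfile>
</ossec_config>

<!-- Server side: rules/local_rules.xml. Both rules hang off stock rule 530, the
     parent for "ossec: output: '<command>':" events. Ids 100100 and 100101 are
     local ids picked for this example. -->
<group name="local,ossec,">
  <!-- String match on a single line of "command" output. -->
  <rule id="100100" level="7">
    <if_sid>530</if_sid>
    <match>ossec: output: 'df -P':</match>
    <regex>100%</regex>
    <description>Partition at 100% usage (df -P).</description>
  </rule>

  <!-- Change detection on "full_command" output: check_diff alerts only when
       this event differs from the one stored for the previous run. -->
  <rule id="100101" level="7">
    <if_sid>530</if_sid>
    <match>ossec: output: 'netstat -tln | sort':</match>
    <check_diff />
    <description>Listening TCP ports changed since the previous run.</description>
  </rule>
</group>
```

Two practical caveats. The agent runs the command string through a shell with its own (normally root) privileges, so the command element is as sensitive as any other root-level configuration and should never be built from untrusted input. And check_diff compares whole outputs byte for byte, so a command whose output carries timestamps, counters or unsorted lists will alert on every run; strip or sort such fields in the pipeline so that a diff means something changed on the host.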