This presentation was given at Excaliburcon in Wuxi, China and covers the use of open source solutions in a security infrastructure, with a special focus on OSSEC.
11. Mr. Daniel Cid
His royal OSSECness
http://www.twitter.com/danielcid
dcid in #ossec on irc.freenode.net
23. OSSEC rule engine: PRE-DECODING
1. Raw log line:
Feb 25 12:00:47 beijing appdaemon: user john logged on from 10.10.10.10
2. Pre-decoded fields:
time/date :: Feb 25 12:00:47
Hostname :: beijing
Program_name :: appdaemon
Log :: user john logged on from 10.10.10.10
24. OSSEC rule engine: DECODING
1. Raw log line:
Feb 25 12:00:47 beijing appdaemon: user john logged on from 10.10.10.10
2. Decoded fields:
time/date :: Feb 25 12:00:47
Hostname :: beijing
Program_name :: appdaemon
Log :: user john logged on from 10.10.10.10
Srcip :: 10.10.10.10
User :: john
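The two stages shown on slides 23 and 24 (pre-decoding the syslog header, then decoding program-specific fields from the message body), as an added worked example that is not part of the presentation or of OSSEC's own code. It uses the slide's log line as a constructed sample; the `SYSLOG_HEADER` regex, the `DECODERS` table and the `appdaemon-logon` decoder name are assumptions made for illustration, modelled on the behaviour the slides describe.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample, identical to the log line used on the slides.
SAMPLE_LOG = "Feb 25 12:00:47 beijing appdaemon: user john logged on from 10.10.10.10"

# Stage 1 (pre-decoding): split the generic syslog header into
# timestamp, hostname and program_name, leaving the message body as "log".
# Hypothetical regex for the BSD syslog layout on the slide, not OSSEC's parser.
SYSLOG_HEADER = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<hostname>\S+) "
    r"(?P<program_name>[^:\s\[]+)(?:\[\d+\])?: "
    r"(?P<log>.*)$"
)


@dataclass
class Event:
    raw: str
    timestamp: Optional[str] = None
    hostname: Optional[str] = None
    program_name: Optional[str] = None
    log: str = ""
    decoder: Optional[str] = None       # name of the decoder that matched, if any
    fields: dict = field(default_factory=dict)  # decoded fields such as srcip, user


def predecode(raw: str) -> Event:
    """Stage 1: extract the header fields common to every syslog line."""
    ev = Event(raw=raw)
    m = SYSLOG_HEADER.match(raw)
    if m:
        ev.timestamp = m["timestamp"]
        ev.hostname = m["hostname"]
        ev.program_name = m["program_name"]
        ev.log = m["log"]
    else:
        ev.log = raw  # no recognisable header: treat the whole line as the message
    return ev


# Stage 2 (decoding): program-specific decoders, selected by program_name,
# each pulling structured fields out of the message body. Hypothetical table.
DECODERS = [
    {
        "name": "appdaemon-logon",
        "program_name": "appdaemon",
        "regex": re.compile(
            r"^user (?P<user>\S+) logged on from (?P<srcip>\d{1,3}(?:\.\d{1,3}){3})$"
        ),
    },
]


def decode(ev: Event) -> Event:
    """Stage 2: run the first decoder whose program_name and regex match."""
    for d in DECODERS:
        if d["program_name"] != ev.program_name:
            continue
        m = d["regex"].match(ev.log)
        if m:
            ev.decoder = d["name"]
            ev.fields.update(m.groupdict())
            break
    return ev


def parse(raw: str) -> Event:
    """Full pipeline: pre-decode, then decode."""
    return decode(predecode(raw))


if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    for name in ("timestamp", "hostname", "program_name", "log"):
        print(f"{name:>12} :: {getattr(ev, name)}")
    for name, value in ev.fields.items():
        print(f"{name:>12} :: {value}")
```

The separation matters for detection engineering: rules match on the decoded fields (`srcip`, `user`), so a line from an unknown program still gets its header pre-decoded and can be matched on `hostname` or `program_name`, while only lines that a decoder understands yield the richer fields. In OSSEC itself the decoders are declared in XML (`etc/decoder.xml`) with `<program_name>`, `<regex>` and `<order>` elements rather than in a Python table.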