
OSSEC and AWS (part 2)

2020-05-21 01:30:00

Storing alerts as JSON

Update the file by script (the sed command appends the element after line 3 of ossec.conf, so confirm first that line 3 falls inside the <global> block; the copy made beforehand lets you roll back):

sudo cp -f /var/ossec/etc/ossec.conf /var/ossec/etc/ossec.conf.copy
sudo sed -i '3 a <jsonout_output>yes</jsonout_output>' /var/ossec/etc/ossec.conf

or update the file manually:

vim /var/ossec/etc/ossec.conf
<ossec_config>
  <global>
    <jsonout_output>yes</jsonout_output>
    ...
  </global>
  ...
</ossec_config>
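As an added example that is not part of the original post, the following shell function makes the same edit as the script above but anchors on the <global> tag instead of a fixed line number and is safe to rerun: it leaves an existing yes alone and flips any other value rather than adding a duplicate element. It assumes GNU sed (for -i and the 0,/re/ address) and takes the config path as an argument so it can be tried on the .copy first.

```shell
#!/bin/sh
# Added example (not from the original post): enable <jsonout_output> in an
# OSSEC configuration idempotently. Assumes GNU sed.
# Usage: enable_jsonout /var/ossec/etc/ossec.conf.copy

enable_jsonout() {
    conf="$1"
    # Already enabled: nothing to do.
    if grep -q '<jsonout_output>yes</jsonout_output>' "$conf"; then
        return 0
    fi
    # Element present with another value (e.g. no): change it in place
    # instead of inserting a second <jsonout_output> element.
    if grep -q '<jsonout_output>' "$conf"; then
        sed -i 's#<jsonout_output>[^<]*</jsonout_output>#<jsonout_output>yes</jsonout_output>#' "$conf"
        return 0
    fi
    # Otherwise insert directly after the first <global> opening tag, so the
    # element lands inside the block regardless of the file's line layout.
    grep -q '<global>' "$conf" || return 1
    sed -i '0,/<global>/s#<global>#<global>\n    <jsonout_output>yes</jsonout_output>#' "$conf"
}
```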

Restart OSSEC HIDS:

sudo /var/ossec/bin/ossec-control restart

Show the alerts (each alert is written as one JSON object per line, so toggle line wrapping in vim with :set wrap!):

sudo vim /var/ossec/logs/alerts/alerts.json

:set wrap!