OSSEC Configuration
1. Configure OSSEC: edit the configuration file ossec.conf:
sudo nano /var/ossec/etc/ossec.conf
<client>
  <server-ip>IP SERVER OSSEC</server-ip>
</client>
<syslog_output>
  <server>IP CYBERQUEST</server>
  <port>5140</port>
  <format>json</format>
  <level>5</level>
</syslog_output>
<global>
  <allow_list>127.0.0.1</allow_list>
  <allow_list>::1</allow_list>
  <allow_list>localhost.localdomain</allow_list>
  <allow_list>IP DNS</allow_list>
  <allow_list>IP DNS</allow_list>
  <allow_list>IP Cyberquest</allow_list>
</global>
2. Enabling Syslog Logging on the Server
/var/ossec/bin/ossec-control enable client-syslog
/var/ossec/bin/ossec-control restart
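
A pre-restart sanity check for the settings above, as an added example that is not part of the original page or of OSSEC itself: it parses ossec.conf text and reports a syslog_output block whose server is still a placeholder, whose port or format differs from the values shown here, or whose collector IP is missing from allow_list. The function name check_syslog_output and the 192.0.2.x sample addresses are assumptions, and the file is assumed to be well-formed XML.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample configuration; 192.0.2.10 is a documentation address.
SAMPLE_CONF = """
<ossec_config>
  <global>
    <allow_list>127.0.0.1</allow_list>
    <allow_list>192.0.2.10</allow_list>
  </global>
  <syslog_output>
    <server>192.0.2.10</server>
    <port>5140</port>
    <format>json</format>
    <level>5</level>
  </syslog_output>
</ossec_config>
"""

def check_syslog_output(conf_text, expected_port=5140):
    """Hypothetical helper: list problems in the syslog_output settings."""
    # ossec.conf may hold several <ossec_config> roots, so wrap them in one.
    root = ET.fromstring("<wrapper>" + conf_text + "</wrapper>")
    allowed = {(e.text or "").strip() for e in root.iter("allow_list")}
    outputs = list(root.iter("syslog_output"))
    problems = [] if outputs else ["no <syslog_output> block"]
    for out in outputs:
        server = (out.findtext("server") or "").strip()
        try:
            ipaddress.ip_address(server)  # rejects unfilled placeholders
        except ValueError:
            problems.append(f"server {server!r} is not an IP address")
        else:
            if server not in allowed:
                problems.append(f"server {server} is missing from <allow_list>")
        port = (out.findtext("port") or "").strip()
        if port != str(expected_port):
            problems.append(f"port is {port!r}, expected {expected_port}")
        fmt = (out.findtext("format") or "").strip()
        if fmt != "json":
            problems.append(f"format is {fmt!r}, expected 'json'")
        level = (out.findtext("level") or "").strip()
        if not level.isdecimal() or not 0 <= int(level) <= 16:
            problems.append(f"level {level!r} is not in 0-16")
    return problems

if __name__ == "__main__":
    for line in check_syslog_output(SAMPLE_CONF) or ["syslog_output looks consistent"]:
        print(line)
```

To check a live system, pass the contents of /var/ossec/etc/ossec.conf to check_syslog_output instead of SAMPLE_CONF.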