AlienVault: Monitoring individual sensor Events Per Second [EPS]

In a distributed AlienVault environment, it is important to be able to monitor each individual sensor's output. In our case, the requirements were to: monitor each sensor's generated events over a configurable interval; and, if the number of generated events of a sensor goes below a configured threshold, notify the user via email. There are several …

OSSEC event loss troubleshooting

There is a general consensus that OSSEC will lose events if the main OSSEC server goes offline for whatever reason ([1], [2]), be it the service being stopped, a network disconnection, or anything in between. However, there doesn't seem to be much information on when exactly event loss can occur, for …