
auto_ossec - automatically deploy large number of OSSEC agents

avuseraccount

Enterprise deployment of OSSEC agents is a hot mess. The way AlienVault made it, the host has to be alive in order to scan it and add it to your assets. Then you can deploy an agent (if that machine has permissions through firewalls, etc.). The agents are unique per machine.

A better way is to deploy one executable to all machines. This fits in better with enterprise deployment software.

I would recommend everyone having problems with deployments use auto_ossec. I would ask that AlienVault build this into their system and get rid of funky assets that are so hard coded to IP addresses rather than host names.

I am using it now. There is still a step of linking an agent to an asset later, but at least I am getting logs for an asset already even without the linkage. If AlienVault would take those hostnames coming in from OSSEC logs and use them and link them to assets rather than some independent concept, it would drastically help the whole situation.

Comments

  • I will check the link...
    Thanks
  • Hi @avuseraccount, for some days now I've been trying to use auto-ossec on the OSSEC server, but I am a little new to Ubuntu and I am having trouble installing auto-server.py and keeping it running after restart with watchdog. Please help out if you can guide me through some commands.