FOSDEM '10 is a free and non-commercial event organized by the community, for the community. Its goal is to provide Free and Open Source developers a place to meet. No registration necessary.

   
Speakers
Wim Remes
Schedule
Day Saturday
Room Chavanne
Start time 16:00
End time 16:45
Duration 00:45
Info
Event type Podium
Track Security
Language English
Media
Video (DIVX)
OSSEC

Expect an overview of the basic architecture as well as practical examples of how to customize OSSEC to manage logging from your infrastructure and applications.

Log management, Intrusion detection/prevention and event correlation is a challenge we have been facing for decades. Most of us have been able to ignore it but with developments in regulatory compliance (PCI-DSS, HIPAA, SOX, ISO27K, ...) companies are required to investigate solutions. In this talk we will firstly touch upon the problems that will be faced during such a project and how log management will look in the future (new standards are on their way). After this boring introduction to the magical world that is log management and intrusion detection we will delve into the solution that is presented with OSSEC. While labeled as a Host-based Intrusion Detection System (HIDS), OSSEC provides you with a complete arsenal of functionalities that allow you to build a log management solution which will translate the most cryptic log message into a clear and actionable alert. Expect an overview of the basic architecture as well as practical examples of how to customize OSSEC to manage logging from your infrastructure and applications.