OSSEC
3.3
About
Documentation
Downloads
Site
Manual
Frequently asked questions
User submitted Cookbooks
Build, compile, and not much more
oRFC:
Syntax and Options
Output Formats
Man pages
Examples
Index
Symbols
|
A
|
B
|
C
|
D
|
E
|
F
|
G
|
H
|
I
|
J
|
L
|
M
|
N
|
O
|
P
|
Q
|
R
|
S
|
T
|
U
|
W
|
Z
Symbols
-a
agent_control command line option
clear_stats command line option
manage_agents command line option
ossec-logtest command line option
syscheck_update command line option
-A <agent_name>
agent-auth command line option
-c
manage_agents command line option
-c <config>
ossec-agentd command line option
ossec-agentlessd command line option
ossec-analysisd command line option
ossec-csyslogd command line option
ossec-dbd command line option
ossec-execd command line option
ossec-logcollector command line option
ossec-logtest command line option
ossec-maild command line option
ossec-makelists command line option
ossec-monitord command line option
ossec-remoted command line option
ossec-syscheckd command line option
-D
agent-auth command line option
-d
agent-auth command line option
clear_stats command line option
ossec-agentd command line option
ossec-agentlessd command line option
ossec-analysisd command line option
ossec-authd command line option
ossec-csyslogd command line option
ossec-dbd command line option
ossec-execd command line option
ossec-logcollector command line option
ossec-logtest command line option
ossec-maild command line option
ossec-makelists command line option
ossec-monitord command line option
ossec-remoted command line option
ossec-reportd command line option
ossec-syscheckd command line option
syscheck_control command line option
-D <dir>
ossec-agentd command line option
ossec-agentlessd command line option
ossec-analysisd command line option
ossec-authd command line option
ossec-csyslogd command line option
ossec-dbd command line option
ossec-logtest command line option
ossec-maild command line option
ossec-monitord command line option
ossec-remoted command line option
ossec-reportd command line option
-e <agent_id>
manage_agents command line option
-F
ossec-makelists command line option
-f
ossec-agentd command line option
ossec-agentlessd command line option
ossec-analysisd command line option
ossec-csyslogd command line option
ossec-dbd command line option
ossec-execd command line option
ossec-logcollector command line option
ossec-maild command line option
ossec-monitord command line option
ossec-remoted command line option
ossec-syscheckd command line option
-f <file>
manage_agents command line option
-f <file>
syscheck_control command line option
-f <filter> <value>
ossec-reportd command line option
-g
ossec-execd command line option
-g <group>
agent-auth command line option
ossec-agentd command line option
ossec-agentlessd command line option
ossec-analysisd command line option
ossec-authd command line option
ossec-csyslogd command line option
ossec-dbd command line option
ossec-maild command line option
ossec-makelists command line option
ossec-monitord command line option
ossec-remoted command line option
-h
agent-auth command line option
agent_control command line option
clear_stats command line option
manage_agents command line option
,
[1]
ossec-agentd command line option
ossec-agentlessd command line option
ossec-analysisd command line option
ossec-authd command line option
ossec-csyslogd command line option
ossec-dbd command line option
ossec-execd command line option
ossec-logcollector command line option
ossec-logtest command line option
ossec-maild command line option
ossec-makelists command line option
ossec-monitord command line option
ossec-remoted command line option
ossec-reportd command line option
ossec-syscheckd command line option
rootcheck_control command line option
syscheck_control command line option
syscheck_update command line option
-i
ossec-authd command line option
-i <agent_id>
agent_control command line option
-i <key>
manage_agents command line option
-i AGENT_ID
rootcheck_control command line option
syscheck_control command line option
-k <path>
agent-auth command line option
ossec-authd command line option
-L
rootcheck_control command line option
-l
agent_control command line option
manage_agents command line option
rootcheck_control command line option
syscheck_control command line option
syscheck_update command line option
-lc
agent_control command line option
rootcheck_control command line option
syscheck_control command line option
-m <manager_ip>
agent-auth command line option
-n
manage_agents command line option
-n <string>
ossec-reportd command line option
-p <port>
agent-auth command line option
ossec-authd command line option
-q
rootcheck_control command line option
-r
agent_control command line option
rootcheck_control command line option
-r -i
syscheck_control command line option
-R <agent_id>
agent_control command line option
-r <agent_id>
manage_agents command line option
-r <filter> <value>
ossec-reportd command line option
-s
ossec-reportd command line option
rootcheck_control command line option
syscheck_control command line option
-t
ossec-agentd command line option
ossec-agentlessd command line option
ossec-analysisd command line option
ossec-authd command line option
ossec-csyslogd command line option
ossec-dbd command line option
ossec-execd command line option
ossec-logcollector command line option
ossec-logtest command line option
ossec-maild command line option
ossec-makelists command line option
ossec-monitord command line option
ossec-remoted command line option
ossec-syscheckd command line option
-u
ossec-agentlessd command line option
ossec-analysisd command line option
-u <agent_id>
agent_control command line option
syscheck_update command line option
-u <id>
rootcheck_control command line option
-U <rule-id:alert-level:decoder-name>
ossec-logtest command line option
-u <user>
ossec-agentd command line option
ossec-csyslogd command line option
ossec-dbd command line option
ossec-maild command line option
ossec-makelists command line option
ossec-monitord command line option
ossec-remoted command line option
-u AGENT_ID
syscheck_control command line option
-u all
syscheck_control command line option
-u local
syscheck_update command line option
-V
agent-auth command line option
manage_agents command line option
ossec-agentd command line option
ossec-agentlessd command line option
ossec-analysisd command line option
ossec-authd command line option
ossec-csyslogd command line option
ossec-dbd command line option
ossec-execd command line option
ossec-logcollector command line option
ossec-logtest command line option
ossec-maild command line option
ossec-makelists command line option
ossec-monitord command line option
ossec-remoted command line option
ossec-reportd command line option
ossec-syscheckd command line option
-v
ossec-logtest command line option
-v <path>
agent-auth command line option
ossec-authd command line option
-w
clear_stats command line option
-x <path>
agent-auth command line option
ossec-authd command line option
-z
syscheck_control command line option
A
active-response
adddns <domain>
util.sh command line option
addfile <filename> [<format>]
util.sh command line option
addsite <domain>
util.sh command line option
agent-auth command line option
-A <agent_name>
-D
-V
-d
-g <group>
-h
-k <path>
-m <manager_ip>
-p <port>
-v <path>
-x <path>
agent.debug
agent_config
agent_config_options
agent_control command line option
-R <agent_id>
-a
-h
-i <agent_id>
-l
-lc
-r
-u <agent_id>
agent_id
agentless
,
[1]
alerts
alias
,
[1]
allowed-ips
analysisd.debug
analysisd.default_timeframe
analysisd.fts_list_size
analysisd.fts_min_size_for_str
analysisd.log_fw
analysisd.stats_maxdiff
analysisd.stats_mindiff
analysisd.stats_percent_diff
arguments
,
[1]
B
base_directory
,
[1]
C
categories
,
[1]
category
check_dev
,
[1]
check_diff
,
[1]
,
[2]
check_files
,
[1]
check_if
,
[1]
check_pids
,
[1]
check_ports
,
[1]
check_sys
,
[1]
check_trojans
,
[1]
check_unixaudit
,
[1]
check_winapps
,
[1]
check_winaudit
,
[1]
check_winmalware
,
[1]
clear_stats command line option
-a
-d
-h
-w
command
,
[1]
,
[2]
,
[3]
config-profile
connection
custom_alert_output
D
database
,
[1]
database_output
,
[1]
dbd.reconnect_attempts
decoded_as
decoder
,
[1]
decoder.accumulate
decoder.fts
decoder.ftscomment
decoder.order
decoder.parent
decoder.prematch
decoder.program_name
decoder.regex
decoder_dir
deny-ips
description
disabled
,
[1]
,
[2]
do_not_delay
do_not_group
dstip
E
email_alert_level
email_alerts
email_from
email_idsname
email_maxperhour
email_notification
email_reply_to
email_to
,
[1]
,
[2]
,
[3]
environment variable
DATABASE
DEBUG
DEBUGAD
LUA_ENABLE
LUA_PLAT
MAXAGENTS
OSSEC_GROUP
OSSEC_USER
OSSEC_USER_MAIL
OSSEC_USER_REM
PREFIX
TARGET
USE_GEOIP
USE_PRELUDE
USE_SQLITE
USE_ZEROMQ
V
ZLIB_SYSTEM
event_location
executable
expect
extra_data
F
format
,
[1]
,
[2]
frequency
,
[1]
,
[2]
,
[3]
,
[4]
,
[5]
G
geoip_db_path
global
group
,
[1]
,
[2]
,
[3]
,
[4]
,
[5]
H
HIDS
host
,
[1]
host_information
hostname
,
[1]
,
[2]
I
id
if_group
if_level
if_matched_group
if_matched_sid
if_sid
include
info
ipv6
J
jsonout_output
L
level
,
[1]
,
[2]
,
[3]
,
[4]
,
[5]
LIDS
list
,
[1]
local_ip
localfile
,
[1]
location
,
[1]
,
[2]
,
[3]
,
[4]
,
[5]
,
[6]
log_alert_level
log_format
,
[1]
logall
logcollector.loop_timeout
logcollector.open_attempts
logcollector.remote_commands=0
M
maild.full_subject
maild.geoip
maild.groupping
maild.strict_checking
manage_agents command line option
-V
-a
-c
-e <agent_id>
-f <file>
-h
,
[1]
-i <key>
-l
-n
-r <agent_id>
match
memory_size
monitord.compress
monitord.day_wait
monitord.monitor_agents
monitord.sign
N
name
,
[1]
notify_time
O
only-future-events
,
[1]
options
os
ossec-agentd command line option
-D <dir>
-V
-c <config>
-d
-f
-g <group>
-h
-t
-u <user>
ossec-agentlessd command line option
-D <dir>
-V
-c <config>
-d
-f
-g <group>
-h
-t
-u
ossec-analysisd command line option
-D <dir>
-V
-c <config>
-d
-f
-g <group>
-h
-t
-u
ossec-authd command line option
-D <dir>
-V
-d
-g <group>
-h
-i
-k <path>
-p <port>
-t
-v <path>
-x <path>
ossec-csyslogd command line option
-D <dir>
-V
-c <config>
-d
-f
-g <group>
-h
-t
-u <user>
ossec-dbd command line option
-D <dir>
-V
-c <config>
-d
-f
-g <group>
-h
-t
-u <user>
ossec-execd command line option
-V
-c <config>
-d
-f
-g
-h
-t
ossec-logcollector command line option
-V
-c <config>
-d
-f
-h
-t
ossec-logtest command line option
-D <dir>
-U <rule-id:alert-level:decoder-name>
-V
-a
-c <config>
-d
-h
-t
-v
ossec-maild command line option
-D <dir>
-V
-c <config>
-d
-f
-g <group>
-h
-t
-u <user>
ossec-makelists command line option
-F
-V
-c <config>
-d
-g <group>
-h
-t
-u <user>
ossec-monitord command line option
-D <dir>
-V
-c <config>
-d
-f
-g <group>
-h
-t
-u <user>
ossec-remoted command line option
-D <dir>
-V
-c <config>
-d
-f
-g <group>
-h
-t
-u <user>
ossec-reportd command line option
-D <dir>
-V
-d
-f <filter> <value>
-h
-n <string>
-r <filter> <value>
-s
ossec-syscheckd command line option
-V
-c <config>
-d
-f
-h
-t
P
password
,
[1]
port
,
[1]
,
[2]
,
[3]
prelude_output
profile
program_name
protocol
Q
query
,
[1]
R
regex
remote
remoted.comp_average_printout
remoted.debug
remoted.recv_counter_flush
remoted.verify_msg_id
repeated_offenders
reports
,
[1]
rootcheck_control command line option
-L
-h
-i AGENT_ID
-l
-lc
-q
-r
-s
-u <id>
rootkit_files
,
[1]
rootkit_trojans
,
[1]
rule
,
[1]
,
[2]
,
[3]
rule_dir
rule_id
,
[1]
,
[2]
rules_group
rules_id
S
same_dst_port
same_id
same_location
same_source_ip
same_source_port
same_user
scanall
,
[1]
server
,
[1]
server-hostname
server-ip
showlogs
,
[1]
skip_nfs
,
[1]
smtp_server
srcip
,
[1]
,
[2]
state
,
[1]
stats
syscheck.sleep
syscheck.sleep_after
syscheck_control command line option
-d
-f <file>
-h
-i AGENT_ID
-l
-lc
-r -i
-s
-u AGENT_ID
-u all
-z
syscheck_update command line option
-a
-h
-l
-u <agent_id>
-u local
syslog_output
,
[1]
system_audit
,
[1]
T
time
time-reconnect
timeout
timeout_allowed
title
,
[1]
type
,
[1]
,
[2]
,
[3]
U
url
use_fqdn
,
[1]
use_geoip
user
,
[1]
,
[2]
username
,
[1]
util.sh command line option
adddns <domain>
addfile <filename> [<format>]
addsite <domain>
W
weekday
white_list
windows.debug
windows_apps
,
[1]
windows_audit
,
[1]
windows_malware
,
[1]
Z
zeromq_output
zeromq_uri