OSSEC is an open-source host-based intrusion detection system written in C. In OSSEC, a centralized OSSEC manager stores events sent by the OSSEC agent deployed on individual hosts, and captures system logs collected via remote syslog. Based on collected logs/events and built-in inspection rules, the correlation/analysis engine conducts log analysis, file integrity checking, rootkit/malware detection, and policy compliance monitoring in real-time. When potential attacks, misuse, or system errors are detected from the analysis, OSSEC alerts system admins or other applications about those events using various means such as syslog output, email notifications, database records, etc. OSSEC supports detecting intrusions on multiple operating systems (Linux, BSD, Mac OS X, Windows and Solaris) via agent-based monitoring, and various agent-less middlebox devices (routers, firewalls, proxies) via remote syslog. OSSEC can be integrated with other event monitoring application backends (e.g., Logstash
, Elasticsearch or Zabbix) to store, index, visualize, and search OSSEC alerts. OSSEC provides a web-based dashboard for displaying agent status and alert statistics, and performing file integrity checking.