NAME

OSSEC - OSSEC

VERSION

version 0.1

DESCRIPTION

The OSSEC distribution is a collection of Perl modules and scripts that simplify working with OSSEC (https://www.ossec.net/) from Perl.

This is the main module of the OSSEC distribution. It parses the OSSEC configuration file to read the database credentials from it.

Using the methods of the OSSEC module ensures that the base path to OSSEC is always set consistently in the other modules.

ATTRIBUTES

ossecPath

Base path to the OSSEC installation. Default: /var/ossec

Type: String

mysqlAvail

Whether database credentials were found when parsing the OSSEC configuration file.

Type: Boolean (0/1)

server

Database server to connect to. Default: localhost

Type: String

dbuser

Database user to connect to the server with. Default: ossec

Type: String

dbpass

Database password to connect to the server with.

Type: String

database

Database to use on the server. Default: ossec

Type: String

config

XML::LibXML::Document object of the OSSEC configuration file.

Type: XML::LibXML::Document

METHODS

BUILD

Method called automatically as part of constructing the object with new. It checks whether an OSSEC configuration file can be found, loads it and checks whether database credentials are available.
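As an added illustration of what such a BUILD-style check has to do (example code written for this page, not code from the OSSEC distribution), the script below loads an ossec.conf with XML::LibXML, reads the database settings and applies the defaults listed under ATTRIBUTES. The file location etc/ossec.conf below the base path, the element names under <database_output> and the mysql value of <type> are assumptions about the OSSEC configuration format and are not taken from this document; the embedded configuration is constructed sample data. Because the file carries the database password in clear text, the script also refuses to use a real configuration file that is readable by other users.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use XML::LibXML;

# Constructed ossec.conf fragment used when no real file is present.
# The <database_output> element names are assumed, not taken from the POD.
my $sample_conf = <<'XML';
<ossec_config>
  <database_output>
    <hostname>db.example.internal</hostname>
    <username>ossec_reader</username>
    <password>PLACEHOLDER-PASSWORD</password>
    <database>ossec</database>
    <type>mysql</type>
  </database_output>
</ossec_config>
XML

# parse_db_credentials: read the database settings from a parsed ossec.conf.
# Returns a hash ref mirroring the OSSEC attributes mysqlAvail, server,
# dbuser, dbpass and database. Defaults follow the POD: localhost/ossec/ossec.
sub parse_db_credentials {
    my ($doc) = @_;
    my %creds = (
        mysqlAvail => 0,
        server     => 'localhost',
        dbuser     => 'ossec',
        dbpass     => undef,
        database   => 'ossec',
    );

    my ($out) = $doc->findnodes('/ossec_config/database_output');
    return \%creds unless $out;                 # no database section configured

    # Assumption: only a mysql output block is usable by OSSEC::MySQL.
    return \%creds unless $out->findvalue('type') eq 'mysql';

    my $password = $out->findvalue('password');
    return \%creds unless length $password;     # credentials incomplete

    # Empty elements fall back to the documented defaults.
    $creds{server}     = $out->findvalue('hostname') || $creds{server};
    $creds{dbuser}     = $out->findvalue('username') || $creds{dbuser};
    $creds{database}   = $out->findvalue('database') || $creds{database};
    $creds{dbpass}     = $password;
    $creds{mysqlAvail} = 1;
    return \%creds;
}

# check_conf_permissions: refuse a configuration file that other users can
# read, since the database password is stored in it in clear text.
sub check_conf_permissions {
    my ($path) = @_;
    my @st = stat($path) or die "cannot stat $path: $!\n";
    my $mode = $st[2] & 07777;
    die sprintf("%s is world-readable (mode %04o); tighten permissions first\n",
                $path, $mode)
        if $mode & 0004;
    return 1;
}

# Assumed location: etc/ossec.conf below the default base path /var/ossec.
my $conf_path = '/var/ossec/etc/ossec.conf';
my $doc = -e $conf_path
    ? do { check_conf_permissions($conf_path);
           XML::LibXML->load_xml(location => $conf_path) }
    : XML::LibXML->load_xml(string => $sample_conf);

my $creds = parse_db_credentials($doc);
if ($creds->{mysqlAvail}) {
    printf "mysql credentials found: %s\@%s/%s\n",
        $creds->{dbuser}, $creds->{server}, $creds->{database};
} else {
    print "no usable mysql credentials in configuration\n";
}
```

Run against the embedded sample, the script reports mysqlAvail as set with user ossec_reader on db.example.internal; removing the <password> element or changing <type> leaves mysqlAvail at 0, which is the case the EXAMPLE section guards against with its mysqlAvail check.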

arLog

Convenience method for obtaining an OSSEC::Log instance for logging active response actions.

No parameters are required.

Returns: OSSEC::Log

mysql

Convenience method for obtaining an OSSEC::MySQL instance. It makes sure that all database parameters from the OSSEC configuration file are passed to OSSEC::MySQL without any user intervention.

No parameters are required.

Returns: OSSEC::MySQL

EXAMPLE

use strict;
use warnings;
use OSSEC;
use Try::Tiny;
use Data::Dumper;

# get an OSSEC instance with the default OSSEC path (/var/ossec)
my $ossec = OSSEC->new();

# check if mysql is available
die("no mysql") unless $ossec->mysqlAvail();

# get us logging for active response
my $log  = $ossec->arLog();

# log something
$log->info("test-active-response", "we are just testing");

# get a database handle with the credentials taken from ossec.conf
my $mysql = $ossec->mysql();

# search for an alert by its id; searchAlert dies when nothing is found
my $alert;
try {
  $alert = $mysql->searchAlert("1576795884.47756102");
} catch {
  die("Error occurred or no alert found: " . $_);
};

print Dumper($alert);

AUTHOR

Dominik Meyer <dmeyer@federationhq.de>

COPYRIGHT AND LICENSE

This software is Copyright (c) 2019 by Dominik Meyer.

This is free software, licensed under:

The GNU General Public License, Version 3, June 2007