ODIN Security Log Server based on CentOS 6, OSSEC and ELK

Product Description

ODIN Security Log Server is a product based on open source products. It consists of an installation bundle based on CentOS 6 with an integrated OSSEC (http://www.ossec.net) HIDS for intrusion detection and automatic log analysis. It also features a powerful log analysis tool, ELK, which is short for Elasticsearch, Logstash, Kibana (http://www.elastic.co). ELK provides search and filter functions as well as a highly customizable web-based graphical user interface for viewing logs, statistics, traffic profiles, etc.


ODIN also has an option that integrates the Snort NIDS engine into ODIN, with simple tools developed by Enguild for management, supervision and rules installation. Due to licensing issues, no rules are bundled, so it is up to the end customer to obtain a license for an applicable ruleset.


Apart from the bundled functions, configurations for standard CentOS functions such as syslogd, logrotate, auditd and SELinux are part of ODIN Security Log Server. It also comes bundled with some programs developed by Enguild AB for easy management and compliance with requirements found in most sensitive IT systems. It integrates out of the box with all syslog-compliant units and/or systems that support the OSSEC agent. This means that it is compatible with all Linux/Unix-based systems, most network equipment, and Windows systems that are supported by the OSSEC agent. For Windows systems that are not supported by OSSEC, some other third-party conversion from Event Viewer to syslog format must be used.


When the automatic analysis identifies potential threats using the rules configured in OSSEC, a security alarm is issued. This alarm is visible on the user desktop, but it can also be signaled externally: to an external alarm using a USB relay if your ODIN Security Log Server is connected via a unidirectional link, or using standard email or SNMP traps if your log server is connected via a bidirectional standard Ethernet connection.


Since ODIN Security Log Server is based on several different licenses, all of these apply to customer use of ODIN Security Log Server. See the License page for more information.



Customer download area


If you are interested in ODIN, please contact Enguild AB to receive a customer login, which gives full access to all documents as well as demo software.