Important Information on OSSEC - serate-actual/sec350final GitHub Wiki
OSSEC Manual
Architecture
- The OSSEC server, or server hosts the OSSEC application and stores the logs, configurations, and rules.
- The Agents connect to the OSSEC server and send over logs and information.
Required ports for communication
- Syslog mode uses 514/UDP
- Secure mode uses 1514/UDP
- Source