Samhain vs Osiris? Opinions welcome.

Humbletech99
Posts: 365
Joined: 2005-12-29 00:03

Samhain vs Osiris? Opinions welcome.

#1 Post by Humbletech99 »

I am looking at host-based intrusion detection systems and have concluded that Samhain and Osiris are ahead of the pack, as they have central management features, which are a big plus.

I need to monitor quite a lot of Linux servers, and ideally a bunch of Windows servers too.

After quite a lot of googling I'm still no wiser, as both seem to have their trade-offs. Only Osiris has a proper Windows agent (Samhain needs Cygwin, which I am reluctant to go round installing just for this). On the other hand, Osiris doesn't even sign its config or baseline.


I'd like to know people's experiences; what have you used and which do you think is better?


Opinions welcome.
The Human Equation:

value(geeks) > value(mundanes)

kruk
Posts: 10
Joined: 2008-09-12 02:41

Re: Samhain vs Osiris? Opinions welcome.

#2 Post by kruk »

Did you get any answer? What have you taken?

Tks

Humbletech99
Posts: 365
Joined: 2005-12-29 00:03

#3 Post by Humbletech99 »

I used Osiris for a couple of years, but then I got sick of the abandonware and stopped using it.

Seems you can't always get everything you want in open source...

shoof
Posts: 379
Joined: 2006-09-08 20:41
Location: My chair

#4 Post by shoof »

I used Osiris for a few months. The central management is nice, but I didn't like having to open the Osiris port on all the machines, and I found it difficult to tweak the configs to get rid of the false positives.

I've been trying out ossec.net and so far I like it; it's easy to tweak and has a good Windows agent.
