As system administrators, we may want to keep track of authorized and unauthorized activity on our servers. OSSEC may be the solution for this. It's an open-source host-based intrusion detection system that can be used for tracking server activity. When properly configured, OSSEC can perform log analysis, integrity checking, rootkit detection, time-based alerting, and many other things.
To install and configure OSSEC, we will use an Ubuntu server. Additional packages such as gcc, libc, Apache, and PHP may be needed for compiling and running OSSEC. If we want real-time alerting to work, a separate package is also needed. To install all the essential packages, run the command shown here: