The realtime power of OSSEC lies with the e-mail alerts it throws out. Don't turn this off! The thing is, for many of us at least, we don't want to be tied to yet another ruddy interface and it's relatively easy to scan e-mails, paying attention to a higher rated alert.
Then again, GUIs are useful, as much as anything for learning the hackscape, and not least about your system, but also for slicing-dicing potential attack routes to shore up.
So have one. You've got options.
OSSEC-WUI is feather-weight on resource, but limited on reports. It doesn't have built-in authentication, that login thing, so you'll need to harden the installation using techniques such as htaccess and auth_digest, both of which we got bored of in Chapter 5:
OSSEC-WUI – http://ossec.net/wiki/OSSECWUI:Install