| 1 | +.. _about_architecture: |
| 2 | + |
| 3 | +OSSEC Architecture |
| 4 | +================== |
| 5 | + |
| 6 | +On Microsoft Windows systems, OSSEC runs as a single service. On unix-like systems it runs as several |
| 7 | +processes, communicating via sockets. |
| 8 | + |
| 9 | + |
| 10 | ++--------------------+--------------------------------------------------------------------------------+ |
| 11 | +| Process | Description | |
| 12 | ++====================+================================================================================+ |
| 13 | +| ossec-analysisd | Master program. Analyzes data from the logs, syscheck,rootcheck, etc. | |
| 14 | +| | Runs as an unprivileged (ossec) user under chroot. | |
| 15 | ++--------------------+--------------------------------------------------------------------------------+ |
| 16 | +| ossec-execd | Execute active responses by calling the configured scripts. Runs as root. | |
| 17 | ++--------------------+--------------------------------------------------------------------------------+ |
| 18 | +| ossec-maild | Send e-mail alerts. Runs as an unprivileged user (ossecm) under chroot. | |
| 19 | ++--------------------+--------------------------------------------------------------------------------+ |
| 20 | +| ossec-remoted | Server side socket for server/client communications. | |
| 21 | +| | Runs as an unprivileged user (ossecr) under chroot. | |
| 22 | ++--------------------+--------------------------------------------------------------------------------+ |
| 23 | +| ossec-agentd | Agent side socket for server/client communications. | |
| 24 | +| | Runs as an unprivileged user (ossec) under chroot. | |
| 25 | ++--------------------+--------------------------------------------------------------------------------+ |
| 26 | +| ossec-logcollector | Monitor log files and windows event logs (do not use tail). | |
| 27 | ++--------------------+--------------------------------------------------------------------------------+ |
| 28 | +| ossec-syscheckd | Does integrity checking and rootkit detection (rootcheck is a module of it). | |
| 29 | ++--------------------+--------------------------------------------------------------------------------+ |
| 30 | +| ossec-csyslogd | Client syslog tool to forward OSSEC alerts to remote syslog servers | |
| 31 | +| | (including SIM/SEMs and log management systems). | |
| 32 | ++--------------------+--------------------------------------------------------------------------------+ |
| 33 | +| ossec-monitord | Monitor agent connectivity and compress daily log files. | |
| 34 | ++--------------------+--------------------------------------------------------------------------------+ |
| 35 | + |
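Review bot: the table states the user and chroot status only for ossec-analysisd, ossec-execd, ossec-maild, ossec-remoted and ossec-agentd, while the rows for ossec-logcollector, ossec-syscheckd, ossec-csyslogd and ossec-monitord say nothing about privileges; since the point of this page is which processes are privileged and which are confined, every row should state the user it runs as and whether it runs under chroot, so a reader does not assume the unlabelled ones are unprivileged. Two smaller points in the same rows: the descriptions mix verb forms ("Analyzes", "Execute", "Send", "Monitor", "Does") and "syscheck,rootcheck" lacks a space after the comma; suggest the third-person form throughout, e.g. `| ossec-execd | Executes active responses by calling the configured scripts. Runs as root. |`, and "(do not use tail)" in the ossec-logcollector row should say what it means (presumably that it reads the files itself rather than spawning tail), since as written it reads like an instruction to the user.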