Log Inspection

The OSSEC Log Inspection Engine is integrated into Vulnerability Protection/Deep Security and gives you the ability to inspect the logs and events generated by the operating systems and applications running on the computers. Log Inspection Rules can be assigned directly to computers or can be made part of a Security Profile. Like Integrity Monitoring Events, Log Inspection events can be configured to generate alerts in the Vulnerability Protection/Deep Security Manager.

Some Log Inspection Rules written by Trend Micro require local configuration to function properly. If you assign one of these Rules to your computers or one of these Rules gets assigned automatically, an Alert will be raised to notify you that configuration is required.

Basic Configuration

To enable Log Inspection functionality on a computer:

  1. In the Policy/Computer Editor, go to Log Inspection > General.
  2. Select On, and then click Save.

Recommendation Scans

Agents can be configured to perform regular Recommendation Scans, which scan a computer and make recommendations about the application of various Security Rules. Selecting this checkbox will automatically assign recommended Log Inspection Rules to the computer and automatically unassign rules that are not required.

To turn the recommendation engine on or off, go to Policy/Computer Editor > Settings > Scanning.

Advanced topics

For more information on Log Inspection, see Examining a Log Inspection Rule.