Recommendations on Linux SIEM tools?

Jay3570

Active Member
Oct 24, 2019
30
7
83
USA
cPanel Access Level
Root Administrator
I've seen two threads here discuss OSSEC, Splunk, and LogWatch. However, both are well over 5 years old. What works best with dedicated cPanel server environments? Which is best for learning more about cybersecurity and incident response in general?
 

cPSamuelM

Technical Analyst Team Lead
Staff member
Nov 20, 2019
196
38
103
USA
cPanel Access Level
Root Administrator
Hello @Jay3570

None of these software solutions would integrate with existing features of cPanel and WHM. So I will let other community members weigh in on the subject. Can you provide any specific details about what you are trying to accomplish, or which security concerns are most important to you?
 

Jay3570

Can you specify why they wouldn't work with cPanel/WHM? I've had no issues installing it or pulling server logs. I'm looking to learn more about ways to organize and visualize server log data, not simply website analytics.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
5,316
683
313
cPanel Access Level
Root Administrator
I think the "why" is more so "we don't do any testing of these on our side so no guarantee it's going to work." It doesn't mean it specifically *won't* work, but that there's no guarantee those functions will work, or could disrupt existing tools on the system.
 

Jay3570

I figured that's what it meant, but "None of these software solutions would integrate with existing features" seems more negative than simply saying "we can't guarantee."
 

Jay3570

I see Kibana along with the full ELK Stack (Elasticsearch and Logwatch) could also be included here. Is Linux server monitoring that rarely discussed?