This repo contains a series of decoders and rules to integrate gaming servers into the Wazuh environment.
The goal is of course to detect and possibly respond to different kinds of malicious network attacks, or whatever else we can deduce from the logs. Rules and detections that depend on specific game mods are your individual responsibility to develop.
You have to find the required live logs in your setup yourself, and then edit /var/ossec/etc/ossec.conf on the game server to import them.
(For demonstrations the Minecraft log is located at: /tmp/minecraft_log)
Locate this section at the bottom of your ossec.conf and add a <localfile> entry for the game log inside it, before the closing </ossec_config> tag (the last entry below is the demonstration Minecraft log; a <localfile> placed after </ossec_config> is outside the configuration block and will not be accepted):
<ossec_config>
<localfile>
<log_format>journald</log_format>
<location>journald</location>
</localfile>
<localfile>
<log_format>syslog</log_format>
<location>/var/ossec/logs/active-responses.log</location>
</localfile>
<localfile>
<log_format>syslog</log_format>
<location>/var/log/dpkg.log</location>
</localfile>
<localfile>
<log_format>syslog</log_format>
<location>/tmp/minecraft_log</location>
</localfile>
</ossec_config>
Download the decoders and rulesets you need into their respective folders.
Decoders: /var/ossec/etc/decoders
Rules: /var/ossec/etc/rules
Restart the manager before the agent, to make sure that the decoders and rules are ready to parse the incoming logs.
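As an added example (not code from this repo) of what a decoder/rule pair for the demonstration Minecraft log can look like: the log line formats, file names and rule IDs below are assumptions, the sample lines are constructed after the vanilla server's login and whitelist messages, and you can run them through /var/ossec/bin/wazuh-logtest on the manager before restarting.

```xml
<!-- Decoders, e.g. /var/ossec/etc/decoders/minecraft_decoders.xml (assumed filename) -->
<decoder name="minecraft">
  <!-- Assumed vanilla line prefix: [HH:MM:SS] [Server thread/INFO]: ... -->
  <prematch>^[\d+:\d+:\d+] [Server thread/</prematch>
</decoder>

<decoder name="minecraft-login">
  <parent>minecraft</parent>
  <!-- Constructed sample: ... Steve[/203.0.113.7:51234] logged in with entity id 42 at (1.0, 64.0, 2.0) -->
  <regex offset="after_parent">^INFO]: (\w+)[/(\d+.\d+.\d+.\d+):\d+] logged in with entity id</regex>
  <order>user, srcip</order>
</decoder>

<decoder name="minecraft-whitelist-reject">
  <parent>minecraft</parent>
  <!-- Constructed sample: ... Disconnecting com.mojang.authlib.GameProfile@...[...] (/203.0.113.7:51240): You are not white-listed on this server! -->
  <!-- \p matches the closing parenthesis in OS_Regex -->
  <regex offset="after_parent">/(\d+.\d+.\d+.\d+):\d+\p: You are not white-listed</regex>
  <order>srcip</order>
</decoder>

<!-- Rules, e.g. /var/ossec/etc/rules/minecraft_rules.xml (assumed filename); IDs chosen from the custom range -->
<group name="minecraft,">
  <rule id="100100" level="3">
    <decoded_as>minecraft</decoded_as>
    <description>Minecraft: server log event.</description>
  </rule>

  <rule id="100101" level="3">
    <if_sid>100100</if_sid>
    <match>logged in with entity id</match>
    <description>Minecraft: player $(user) logged in from $(srcip).</description>
  </rule>

  <rule id="100102" level="5">
    <if_sid>100100</if_sid>
    <match>You are not white-listed on this server</match>
    <description>Minecraft: rejected non-whitelisted connection from $(srcip).</description>
  </rule>

  <!-- Repeated rejections (frequency 6 within 120 s) from one source IP escalate to level 10 -->
  <rule id="100103" level="10" frequency="6" timeframe="120">
    <if_matched_sid>100102</if_matched_sid>
    <same_source_ip/>
    <description>Minecraft: repeated non-whitelisted connection attempts from $(srcip).</description>
    <group>authentication_failures,</group>
  </rule>
</group>
```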
Any contribution to this repo is welcome. I do not own or have any interest in all the possible game servers out there, so if you have a particular game server that could fit in this repo, make a pull request and create the required decoders and rules.