Hi Guys,

I have a problem for which I need some expert advice.

I have a number of systems with the following software.

1. Apache proxy server
2. Apache Tomcat 
3. Oracle DB

I want to create a central syslog server, where all logs from the above and 
other system logs get ported and are analyzed at the central server, and a 
dashboard is required at the end.

I could see a few combinations to achieve this, possibly.

1. OSSEC agents monitor log files and port all logs to the OSSEC server 
(/var/ossec/logs/archives/archives.log) + Logstash + Elasticsearch + Kibana

2. OSSEC agents port all log files + OSSEC server syslog output + Logstash 
+ Elasticsearch + Kibana

3. rsyslog on client machines writes logs to the central syslog server + OSSEC 
monitors the central syslog server output + Logstash + Elasticsearch + Kibana

What is expected on the dashboard is 

1. PCI DSS compliance dashboard. (This is possible with OSSEC alert 
visualization, I understand.)

2. All access data in graphs, say from Apache logs: top hit hosts, top URLs, 
error counts etc. (This is possible only if the archives log is active.)

I want both the OSSEC alert log and the archive log porting to happen at the 
same time. Is this possible with OSSEC?

Or is this a better way: porting all logs with some syslog program (I am 
not sure what to use for this), and OSSEC will process the central server 
syslog and make alerts from that?

Also, is it possible to pass multiple inputs to Logstash (archive log input 
and OSSEC syslog input)?

How do I parse the actual messages and categorize them (since they can contain 
messages from Apache logs, messages, Oracle logs etc.) at Logstash? Can 
someone provide a filter example?

Please advise how to go ahead with these requirements.

Thanks,
Bhuvanesh
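
A Logstash pipeline that takes both feeds the post asks about (the archives.log file and the OSSEC syslog alert output) and categorizes the archived lines by the source file OSSEC recorded. This is an added example, not part of the original message or of OSSEC/Logstash; it assumes `<logall>yes</logall>` is set on the OSSEC server so archives.log is written, that `<syslog_output>` (client-syslog) is pointed at UDP port 9000 on the Logstash host, and that Elasticsearch runs on localhost:9200.

```logstash
# Added example (assumptions: <logall>yes</logall> enabled, OSSEC client-syslog
# sending to this host on port 9000, Elasticsearch on localhost:9200).
input {
  file {
    path => "/var/ossec/logs/archives/archives.log"  # Logstash user needs read access (ossec group)
    type => "ossec-archive"
    start_position => "beginning"
  }
  syslog {
    port => 9000              # alert feed from OSSEC <syslog_output>
    type => "ossec-alert"
  }
}

filter {
  if [type] == "ossec-archive" {
    # archives.log envelope (agent form):
    # "2014 Oct 22 12:04:16 (webproxy01) 10.0.0.5->/var/log/httpd/access_log <original line>"
    grok {
      match => { "message" => "^%{YEAR} %{MONTH} +%{MONTHDAY} %{TIME} \(%{DATA:agent}\) %{IP:agent_ip}->%{DATA:location} %{GREEDYDATA:log_line}$" }
      tag_on_failure => ["_ossec_envelope_parsefailure"]
    }
    # Categorize by the file the line came from, then parse the inner line where a pattern exists
    if [location] =~ /access_log|access\.log|localhost_access_log/ {
      mutate { add_field => { "category" => "apache-access" } }   # Apache proxy and Tomcat access logs
      grok { match => { "log_line" => "%{COMBINEDAPACHELOG}" } }  # yields clientip, request, response, ...
    } else if [location] =~ /error_log|error\.log|catalina/ {
      mutate { add_field => { "category" => "apache-error" } }
    } else if [location] =~ /alert_.*\.log|oracle/ {
      mutate { add_field => { "category" => "oracle" } }
    } else {
      mutate { add_field => { "category" => "system" } }
    }
  }
  if [type] == "ossec-alert" {
    # client-syslog default line:
    # "ossec: Alert Level: 5; Rule: 31101 - Web server 400 error code.; Location: (webproxy01) 10.0.0.5->/var/log/httpd/access_log; ..."
    grok {
      match => { "message" => "ossec: Alert Level: %{INT:alert_level:int}; Rule: %{INT:rule_id:int} - %{DATA:rule_description}; Location: %{DATA:location};%{GREEDYDATA:alert_details}" }
      tag_on_failure => ["_ossec_alert_parsefailure"]
    }
  }
}

output {
  elasticsearch { hosts => ["localhost:9200"] }  # Kibana reads the same index for both dashboards
}
```

Events with `type:ossec-alert` feed the compliance dashboard, while `category:apache-access` events carry the COMBINEDAPACHELOG fields (`clientip`, `request`, `response`) needed for top hosts, top URLs and error counts.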

You received this message because you are subscribed to the Google Groups 
"ossec-list" group.