Re: [ossec-list] What is the use case for OSSEC hybrid mode

2016-02-25 Thread Santiago Bassett
Agree with Daniel. Just want to add another clarification: When you choose the server profile, it will install the OSSEC manager and agent components, meaning that you can also monitor your local system. No need to choose hybrid mode unless you plan to forward data to another OSSEC manager. On Thu,

Re: [ossec-list] What is the use case for OSSEC hybrid mode

2016-02-25 Thread Daniel Cid
I personally use it mostly on very busy servers to limit the amount of events being sent by the agent to the manager. Say a very busy web server that generates thousands of logs per second. Instead of sending all events centrally, I use the hybrid mode to do the initial analysis locally and only

[ossec-list] What is the use case for OSSEC hybrid mode

2016-02-25 Thread Manoveg Saxena
Hi, I am not able to understand when I should use hybrid mode. I have one server and 4 agents. My server also has many applications and a web server which I want to monitor, along with the web servers and other applications on agents. Therefore should I go for 1) hybrid on server and agent on