Hi all, I am looking for a HIDS for mass deployment on Unix systems (~= 1200 Linux/Solaris/AIX). I need a centralized system (in order to simplify administration), excluding tripwire/aide/integrit and the like.
At this point in my research, I have the feeling that OSSEC or Samhain
would be the right solution. I need centralized config files/databases,
multiple ways of processing logs (mail/syslog/dbs/scripts...). Managing
configuration files for different types of systems/archs is also an important
concern.
Here are a few questions I would like to submit to the list:
Which is the most serious, most stable, easiest to use and most full-featured
of the two?
Which one is the most widespread in huge organizations?
Are there other solutions that would meet my needs?
Are there well-known issues in using Samhain or OSSEC?
Samhain and OSSEC seem unable to correlate alerts (avoiding mass mailing when
the same error is encountered on all hosts). Is that true? Does some other
tool do the job?
Sorry about my weird English.
Thanks for any post.
--
Admit your errors before someone else exaggerates them.
-*- Andrew Mason -*-
