Hi John,
OSSEC can act as a *centralized log for Linux and it will encrypt the logs while in transit (no need for stunnel to encrypt the connections). However, it is not a replacement for syslog or syslog-ng. It can basically read the log files on the agents (your Linux systems) and forward them to the OSSEC server (along with integrity data, etc.).

By default OSSEC will not store every received log, just the ones that match any of our rules, but you can configure it to log everything (log_all tag). You will see them at /var/ossec/logs/archives/ if you enable logging all.

*Note that OSSEC is meant to be a log analysis engine, so you will not have as many options regarding how to archive your logs.

Hope it helps.

--
Daniel B. Cid
dcid ( at ) ossec.net

On 1/29/07, John J. Culkin <[EMAIL PROTECTED]> wrote:

> Can OSSEC act as a centralized log host for Linux machines? Or should I keep investigating solutions like metalog and syslog-ng? If it can act as a centralized log host, are there any examples using it with stunnel to secure the connections?
>
> Thanks,
>
> -- John C.
>
> --
> John J. Culkin
> Systems Administrator
> [EMAIL PROTECTED]
> The University of Scranton
> Phone: (570) 941-7665
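The setup Daniel describes, as an added ossec.conf example that is not part of the thread or of the OSSEC project's own documentation. It assumes the "log everything" option is spelled <logall> inside the server's <global> section and that a <localfile> block is what each agent uses to pick up a log file for forwarding; the log path is a sample value.

```xml
<!-- /var/ossec/etc/ossec.conf on the OSSEC server (assumed path) -->
<ossec_config>
  <global>
    <!-- Default is "no": only events matching a rule are kept.
         "yes" stores every event received from agents under
         /var/ossec/logs/archives/ as described in the thread. -->
    <logall>yes</logall>
  </global>

  <!-- The same <localfile> block goes in each agent's ossec.conf.
       The agent reads this file and ships the lines to the server
       over OSSEC's own encrypted agent-server channel, so no
       stunnel wrapper is needed around the connection. -->
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/messages</location>   <!-- sample path -->
  </localfile>
</ossec_config>
```

Keep in mind that with <logall> enabled the archives directory grows with every forwarded line, so disk space and rotation on the server need to be planned as with any central log host.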
