Hello! I am currently trying to use OSSEC for analysing logfiles from multiple sources (servers) stored on a central log server. I have not figured out how to make the OSSEC server able to distinguish the different log sources.
I have thought about a few different options: - If possible, configure the OSSEC server so it can treat different logfiles fed from _one_ agent as originating from several servers. - Install multiple agents on the central logserver, feeding certain logs to the OSSEC server. - Modifying the agent code so it can behave as different agents depending on the sources of the logs to feed. Maybe there are other better solutions or maybe this is an all together bad idea? Thanks in advance. Göran Pestana
