Ive tried doing some research on this but i havnt found anything concrete yet. I want to install OSSEC on WindowsXP laptops that will be connected to the network but also travel. When the laptop travels it is allowed to connect to the internet via VPN and all traffic passes through the tunnel and out the home network. While the laptop is out-and-about will it store any logs while it is off the network and then send them once it reconnects to the network? Are those logs during the period its disconnected lost? Since a Win box can only be an agent and agent logs are sent to a server i'm not sure how OSSEC handles this situation. Im still looking and i have just bought the book so i'm going through it now too. But as of thus far i haven't seen anything specific on it. Thanks for any help.
Paul
