Falk wrote: > Hi, > > When monitoring servers on different nets how do you plan your server > installation? > > My thought is to monitor both our dmz and internal servers. > But I don't want to drill holes to our internal net from every dmz > server..
Hello Falk, One possibility is to use two OSSEC servers in a distributed fashion. If the master server were in the DMZ then you wouldn't have to poke any inbound holes in the firewall. The OSSEC server on the LAN would forward the alerts to the master.
