Hi Michael, Yes, didn't think about that at all... I'm too single minded, have everything internal on a mgmt vlan :)
Place the server on the DMZ and protect it with a host based firewall so that out logs are secured even if they are out on the DMZ, so to speak? Then I must read up how to forward alerts from one server to another.. Thanks for the suggestion! -- Regards Falk On Oct 27, 4:27 am, Michael Starks <[email protected]> wrote: > Falk wrote: > > Hi, > > > When monitoring servers on different nets how do you plan your server > > installation? > > > My thought is to monitor both our dmz and internal servers. > > But I don't want to drill holes to our internal net from every dmz > > server.. > > Hello Falk, > > One possibility is to use two OSSEC servers in a distributed fashion. If > the master server were in the DMZ then you wouldn't have to poke any > inbound holes in the firewall. The OSSEC server on the LAN would forward > the alerts to the master.
