Hi Falk, this may be helpfull http://www.ossec.net/main/manual/manual-muti-server-architecture/
Jakub On Oct 27, 8:39 pm, Falk <[email protected]> wrote: > Hi Michael, > > Yes, didn't think about that at all... > I'm too single minded, have everything internal on a mgmt vlan :) > > Place the server on the DMZ and protect it with a host based firewall > so that out logs are secured even if they are out on the DMZ, so to > speak? > Then I must read up how to forward alerts from one server to another.. > > Thanks for the suggestion! > -- > Regards Falk > > On Oct 27, 4:27 am, Michael Starks <[email protected]> > wrote: > > > > > Falk wrote: > > > Hi, > > > > When monitoring servers on different nets how do you plan your server > > > installation? > > > > My thought is to monitor both our dmz and internal servers. > > > But I don't want to drill holes to our internal net from every dmz > > > server.. > > > Hello Falk, > > > One possibility is to use two OSSEC servers in a distributed fashion. If > > the master server were in the DMZ then you wouldn't have to poke any > > inbound holes in the firewall. The OSSEC server on the LAN would forward > > the alerts to the master.
