According to the slides (slide #3) on the OSSEC site, OSSEC is NOT a log management tool; it only stores alerts, not every single log. They recommend that you still have a log management and long-term storage solution for all logs outside of the OSSEC tool.
http://www.ossec.net/ossec-docs/auscert-2007-dcid.pdf

However, this slide is from 2007; has this changed? Some of my co-workers seem to think OSSEC will do both log management as a centralized log manager AND HIDS security logging. We'd like to use OSSEC for both, but need to know what it is capable of (intended to be used for) before we move forward.

I will continue to search your website and documentation for answers as well. Thank you ahead of time for any insight you can provide.

Respectfully,
James Keegan, CISSP
Information Security Officer
Essent
w-336.776.3914l
