Hello,

I'm putting together an IDS (HIDS, NIDS, LIDS, and SIM) for a network. My hosts are running Debian lenny and one Windows Server 2008. One of my requirements is that the installation come from a Debian repository for the Linux boxes. To limit the amount of data going over the wire, I'm interested in sending alerts only when possible.

I really like ossec, but since there is no Debian repository for it (as far as I can tell), I have to look elsewhere for the package install/update feature. I found prelude as a SIM/LIDS, samhain as an integrity checker for Debian, and snort as a NIDS in the standard Debian repository. So that leaves the Windows box, and the ossec Windows agent seems to fit the bill.

When installing the Windows ossec agent, it asks for the ossec server IP as well as the authentication key. I want the Windows ossec agent to work with prelude.

Here's my question: I see instructions for the Linux agent (run "make setprelude;./install.sh"). How can I get an ossec Windows agent to work with prelude?

Thanks

--
Richard Geddes
BlueGolf - www.BlueGolf.com
[email protected] | 610-293-0998 | 610-293-0987 (fax)
