You need an ossec server install.
On Mon, Jun 21, 2010 at 1:18 PM, Richard Geddes <[email protected]> wrote: > Hello, > > I'm putting together an IDS (HIDS, NIDS, LIDS, and SIM) for a network. > > My hosts are running debian lenny and one windows server 2008. > > One of my requirements is that the installation come from a debian > repository for the linux boxes. > > To limit the amount of data going over the wire, I'm interested in sending > alerts only when possible. > > I really like ossec, but since there is no debian repository for it (as far > as I can tell), I have to look elsewhere for the the package install/update > feature. > > I found prelude as a SIM/LIDS, samhain as an integrity checker for debian, > and snort as a NIDS in the standard debian repository. > > So that leaves the windows box, and ossec windows agent seems to fit the > bill. > > When installing the windows ossec agent, it asks for the ossec server ip as > well as the authentication key. I want windows ossec agent to work with > prelude. > > > Here's my question: > > I see instructions for the linux agent (run "make setprelude;./install.sh"). > How can I get an ossec windows agent to work with prelude? > > Thanks > > -- > Richard Geddes > BlueGolf - www.BlueGolf.com > [email protected] | 610-293-0998 | 610-293-0987 (fax) >
