I have an application which will be running as a clustered service. I want to run standard integrity checks on this application. It could be on any one of three servers, and will move between these servers.
I could not find any OSSEC documentation that relates to clusters. I cannot monitor the clustered service's files via the servers, as they will disappear and produce alerts. As the clustered service has its own IP address, I am hoping that I can monitor these files through that name and IP address. Does that sound feasible? Has anyone set up OSSEC on a similar system?
