On Sun, Aug 15, 2010 at 1:51 PM, Houcem HACHICHA <[email protected]> wrote: > Hi, I have some questions about OSSEC, > > First, is it possible to store raw logs in a database, not just alerts?, >
OSSEC doesn't have this functionality. Other applications can do it though, rsyslog for instance can input syslog messages into postgresql or mysql. > Second, if I modify ossec.conf in the server side, will this modification > affect all the agents? If not, should I configure each agent apart? > Depends on what is changed. Some settings are server side only and affect all data coming in. Others would need to be set on the agents, possibly through the agent.conf. > Finally, if I change the port of an agent, say from 1514 to 2000, should I > modify anything on the server side for this modification to take effect? > If you point an agent at a port, the server has to be listening on that port. Look at the Remote options at http://www.ossec.net/main/manual/configuration-options/ > Thanks in advance :) > > -- > Best regards > > Houcem HACHICHA, > http://houcemhachicha.blogspot.com > > > >
