On Wed, Sep 22, 2010 at 4:06 PM, Kacper Wysocki <[email protected]> wrote: > > Hi Tyler, > it seems that others on the list are managing at least that amount of > agents, and there is an ongoing thread where Christopher Moraes today > reported 6000 events per second (log monitor only) no problem. > > I'm curious though, what are people doing with the alerts? Email > alerts do not seem to be a feasible approach even for a couple clients > unless a lot of time is spent setting up ignore rules. > > Cheers, > -Kacper >
This should be a separate thread. You could use any number of SIEM products to handle the events. Splunk even has an OSSEC app available to help.
