On Mon, Nov 29, 2010 at 4:58 AM, Dusko Mirjanic <[email protected]> wrote: > Hi all, > > Is it possible to combine OSSEC server installation and SNORT on single box > (without virtualization)? > > Thanks, > Dusko
It should work just fine. OSSEC can read snort's logs in syslog and the full format (possibly others, but I'm being lazy at the moment). Personally I'd run snort on an agent machine, just to separate 2 risky activities.
