Hey all, I think I know the answer already but I was wondering if it's possible to use OSSEC together with another logging utility (SBEventLog) or if they're going to be duplicating each other?
http://www.eventlog-monitor.info/

Currently SBEventLog is installed on a majority of our Windows servers, which also have OSSEC installed (primarily for File Integrity Monitoring). I've been trying to get others to understand that there is overlap here and that OSSEC can, effectively, do the same thing that SBEventLog is doing + more. I don't think anyone wants to listen because SBEventLog was set up by the senior engineer who recently left. And I think they trust his actions more than they do mine.

My agenda is this: I want to get unnecessary services off the servers running them if at all possible so as to not hinder performance or to utilize more memory than needed. I believe we have these two agents coexisting on most servers as it is and nothing 'bad' has happened because of them, so far. But I just think it's pointless to have two separate utilities that are [seemingly] doing the same thing.

Can anyone think of any reasons why I would want to keep SBEventLog? I'm not trying to bash on them or anything, but it also seems like they don't release many updates or have an active support group or community...

TIA!
