Duh, it is possible - what I meant was: is it "practical" to use OSSEC with... :P
On Jan 14, 12:55 pm, jplee3 <[email protected]> wrote: > Hey all, > > I think I know the answer already but I was wondering if it's possible > to use OSSEC together with another logging utility (SBEventLog) or if > they're going to be duplicating each other? > > http://www.eventlog-monitor.info/ > > Currently SBEventLog is installed on a majority of our Windows > servers, which also have OSSEC installed (primarily for File Integrity > Monitoring). I've been trying to get others to understand that there > is overlap here and that OSSEC can, effectively, do the same thing > that SBEventLog is doing + more. > > I don't think anyone wants to listen because SBEventLog was setup by > the senior engineer who recently left. And I think they trust his > actions more than they do mine. > > My agenda is this: I want to get unnecessary services off the servers > running them if at all possible so as to not hinder performance or to > utilize more memory than needed. I believe we have these two agents > coexisting on most servers as it is and nothing 'bad' has happened > because of them, so far. But I just think it's pointless to have two > separate utilities that are [seemingly] doing the same thing. > > Can anyone think of any reasons why I would want to keep SBEventLog? > I'm not trying to bash on them or anything, but it also seems like > they don't release many updates or have an active support group or > community... > > TIA!
