Here is a question for the folks that know the innards of OSSEC. If OSSEC agent is watching a log file, and all the processing happens on the server - does that mean all the data in that log file is available on the ossec server?
In otherwords, if I had syslog sending to a central server, and yet OSSEC is also watching the syslog file, am I not double the data stream being sent to the server (assuming it is the same system?) thanks
