Hi Kat, On Thu, Mar 17, 2011 at 1:45 PM, Kat <[email protected]> wrote: > Here is a question for the folks that know the innards of OSSEC. If > OSSEC agent is watching a log file, and all the processing happens on > the server - does that mean all the data in that log file is available > on the ossec server? >
Yes, all of the log messages on the agents are forwarded to the server. > In otherwords, if I had syslog sending to a central server, and yet > OSSEC is also watching the syslog file, am I not double the data > stream being sent to the server (assuming it is the same system?) > > thanks > Yep, you'd be doubling the effort.
