On Thu, Jun 2, 2011 at 1:23 PM, carlopmart <[email protected]> wrote:
> On 06/02/2011 07:02 PM, Daniel Cid wrote:
>>
>> Would the multi-server architecture do what you want?
>>
>> http://dcid.me/2008/08/multi-server-architecture/
>>
>> thanks,
>>
>
> Yes, exactly, this is what I need, but without using syslog and
> ossec-server1 and ossec-server2 will be able to store all alerts, logs, etc
> until ossec-central-server will be up.
>
> Thanks Daniel.
>
>
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com
>

Use the syslog forwarder to forward to a local rsyslogd. Use the advanced features in rsyslogd to do the rest. It's still syslog, but lets you queue events nicely, encrypt the data, etc.
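
A sketch of the setup suggested in the reply above, added as an example and not part of the original thread: OSSEC's syslog output points at a local rsyslogd, which relays to the central server over TLS and spools to disk while that server is down. It assumes an rsyslog version with RainerScript `action()` syntax and the `gtls` driver installed; the CA path, port 6514, queue name and size limit are placeholders, and `ossec-central-server` is the host name used in the quoted message.

```conf
# /etc/rsyslog.d/ossec-relay.conf  (file name is an assumption)
#
# OSSEC side (ossec.conf on ossec-server1 / ossec-server2), shown here as a
# comment because it lives in a different file:
#   <syslog_output>
#     <server>127.0.0.1</server>
#     <port>514</port>
#   </syslog_output>
# then: /var/ossec/bin/ossec-control enable client-syslog

# Accept OSSEC's UDP syslog output on loopback only, so nothing off-host
# can inject events into the relay.
module(load="imudp")
input(type="imudp" address="127.0.0.1" port="514")

# TLS driver and the CA used to validate the central server's certificate.
global(
    DefaultNetstreamDriver="gtls"
    DefaultNetstreamDriverCAFile="/etc/rsyslog.d/ca.pem"    # placeholder path
)

# Forward everything received to the central server.
action(
    type="omfwd"
    target="ossec-central-server"
    port="6514"
    protocol="tcp"

    # Encrypt in transit and refuse peers whose certificate name does not match.
    StreamDriver="gtls"
    StreamDriverMode="1"
    StreamDriverAuthMode="x509/name"
    StreamDriverPermittedPeers="ossec-central-server"

    # Disk-assisted queue: events are held in memory, spill to disk when the
    # target is unreachable, and survive an rsyslogd restart.
    queue.type="LinkedList"
    queue.filename="ossec_fwd"          # setting a file name enables disk spooling
    queue.maxDiskSpace="1g"             # oldest-first delivery; new events drop when full
    queue.saveOnShutdown="on"

    # Retry forever instead of discarding after a failed connection.
    action.resumeRetryCount="-1"
)
```

Size `queue.maxDiskSpace` for the longest outage you expect; once the spool is full, new events are dropped.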
