On 06/02/2011 08:07 PM, dan (ddp) wrote:
On Thu, Jun 2, 2011 at 1:23 PM, carlopmart<[email protected]> wrote:
On 06/02/2011 07:02 PM, Daniel Cid wrote:
Would the multi-server architecture do what you want?
http://dcid.me/2008/08/multi-server-architecture/
thanks,
Yes, exactly, this is what I need, but without using syslog and
ossec-server1 and ossec-server2 will be able to store all alerts, logs, etc
until ossec-central-server will be up.
Thanks Daniel.
--
CL Martinez
carlopmart {at} gmail {d0t} com
Use the syslog forwarder to forward to a local rsyslogd. Use the
advanced features in rsyslogd to do the rest. It's still syslog, but
lets you queue events nicely, encrtypt the data, etc.
Yes, it is an option but implies more reconfiguration on the
ossec-central-server side ... It will be good an "ossec solution" like
as a forwarder instead of use rsyslog/syslog ...
What do you think Daniel??
--
CL Martinez
carlopmart {at} gmail {d0t} com
