On Jun 20, 2011 9:56 AM, "gopal krishnan" <[email protected]> wrote: > > Hi Group, > > I am newbee to OSSEC, I am having three questions regrading OSSEC implementation, > > 1) We are planning to install OSSEC on around 300+ Linux servers, What is the best way for implementing the client? (Agentless / AgentBased interms of performance) >
300 shouldn't be too hard to handle. By default the manager will handle 256, but there are instructions for handling more on the site. > 2) How to change the default log path for OSSEC? > > We want to store in /var/log/ossec instead of /var/ossec/log > Install ossec in /var/log/ossec. The daemons generally chroot to the install dir. > 3) How to capture the userdetails in real time monitoring or in syscheck? > What user details? > Please provide me some hints / links if these questions already adressed... > > Thanks a lot, > > Regards, > -Gopal.C
