Dan, Thanks for replying,

> 1) We are planning to install OSSEC on around 300+ Linux servers, What is the best way for implementing the client? (Agentless / AgentBased in terms of performance)
> 300 shouldn't be too hard to handle. By default the manager will handle 256, but there are instructions for handling more on the site.

Which one can I go for? Agent based or Agent less?

> 3) How to capture the user details in real time monitoring or in syscheck?
> What user details?

I want to capture the user details info when someone changes/updates some files on the agents. For example, if I am changing the /etc/resolv.conf file, I want to see in the report/alerts who changed this file at what time?

Thanks,
-Gopal.C

On Mon, Jun 20, 2011 at 8:59 AM, dan (ddp) <[email protected]> wrote:
>
> On Jun 20, 2011 9:56 AM, "gopal krishnan" <[email protected]> wrote:
> >
> > Hi Group,
> >
> > I am a newbie to OSSEC, I am having three questions regarding OSSEC implementation,
> >
> > 1) We are planning to install OSSEC on around 300+ Linux servers, What is the best way for implementing the client? (Agentless / AgentBased in terms of performance)
> >
>
> 300 shouldn't be too hard to handle. By default the manager will handle 256, but there are instructions for handling more on the site.
>
> > 2) How to change the default log path for OSSEC?
> >
> > We want to store in /var/log/ossec instead of /var/ossec/log
> >
>
> Install ossec in /var/log/ossec. The daemons generally chroot to the install dir.
>
> > 3) How to capture the user details in real time monitoring or in syscheck?
> >
>
> What user details?
>
> > Please provide me some hints / links if these questions are already addressed...
> >
> > Thanks a lot,
> >
> > Regards,
> > -Gopal.C
