hello, I use the same as you: Ossec 2.6, Splunk splunk-4.2.3-105575 and Splunk app ossec-1.1.88. I have less than 10 agents actually, but no issue with column drops letters or word like - "disco" instead of "disconnected". Did you tried the same commands than splunk without problem? (sudo /opt/ossec/bin/agent_control -l' and 'sudo /opt/ossec/bin/ manage_agents) Do you have the same issue? (Timeout exceeded?)
AB On 29 août, 15:01, Patrick <[email protected]> wrote: > I am looking for a web frontend that managers and non-system users can > create reports from without needing direct access to the OSSEC > server. I have setup Splunk with the Ossec4splunk app and it looks > very promising except for a huge glaring issue that isn't being > answered by the app owner. (see my postings > --http://splunk-base.splunk.com/answers/29021/ossec_agent_statuspy-v-on...). > > So my questions to this group ... > Is there something else besides Splunk or Base (which the integration > with OSSEC seems to be dead)? > Is anyone else using Splunk with large number of clients (>1500)? > Or is there another way to accomplish this without a web interface? > > Thanks!
