I believe you need the server (running on Linux) for OSSEC file integrity monitoring. We've looked at this recently for PCI compliance, and I believe that Splunk claims it can do FIM. Just Google Splunk and PCI DSS and you should find the PDF that mentions it (I think the PDF is called Splunk for PCI DSS).

Splunk can quickly become an expensive proposition. You may want to consider using OSSEC for FIM and logging, then forwarding the alerts from OSSEC to Splunk (basically using Splunk for the visualisations).

On Sep 4, 1:29 pm, "dan (ddp)" <[email protected]> wrote:
> I thought splunk got some FIM capabilities in 4.something.
> The agent software is designed to work with a manager, not independently.
>
> On Sep 3, 2011 11:21 PM, "Michael Mather" <[email protected]> wrote:
> > I want to run Splunk as a logging server, and feed logs to it from the client machine using their Universal Forwarder.
> >
> > Unfortunately Splunk does not seem to do File Integrity Monitoring. Further unfortunately, both machines are running Windows.
> >
> > My question is whether the Ossec Windows Agent can run as a logging agent without the Ossec Manager.
> >
> > I suspect the answer is "No", but could that be confirmed?
> >
> > Thanks.
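As an added illustration of the "OSSEC for FIM, Splunk for visualisation" setup suggested above (this is not configuration from anyone in the thread), the following fragment for the OSSEC manager's ossec.conf enables syscheck on a few directories and forwards the resulting alerts over syslog to a Splunk receiver. The server address 192.0.2.10 and port 514 are placeholders; the directory list is an assumption, and the `<format>splunk</format>` option is only available in OSSEC releases that support it (older releases accept `default`).

```xml
<ossec_config>
  <!-- File integrity monitoring: hash and permission checks on the
       listed paths every two hours (frequency is in seconds). -->
  <syscheck>
    <frequency>7200</frequency>
    <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
    <!-- constructed example of a noisy file to exclude -->
    <ignore>/etc/mtab</ignore>
  </syscheck>

  <!-- Forward alerts of level 7 and above to the Splunk syslog input.
       Address and port are placeholders for the Splunk receiver. -->
  <syslog_output>
    <server>192.0.2.10</server>
    <port>514</port>
    <level>7</level>
    <format>splunk</format>
  </syslog_output>
</ossec_config>
```

The syslog forwarder is a separate OSSEC daemon, so after editing the file it must be switched on and the manager restarted: `/var/ossec/bin/ossec-control enable client-syslog` followed by `/var/ossec/bin/ossec-control restart`. On the Splunk side a UDP or TCP data input on the matching port receives the alerts; the Windows agents themselves still report only to the OSSEC manager, which is the point made in the reply.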
