On 09/03/2011 08:39 PM, Michael Mather wrote:
I want to run Splunk as a logging server, and feed logs to it from the client
machine using their Universal Forwarder.
Unfortunately Splunk does not seem to do File Integrity Monitoring. Further
unfortunately, both machine are running Windows.
My question is whether the Ossec Windows Agent can run as a logging agent
without the Ossec Manager.
I suspect the answer is "No", but could that be confirmed?
Yes, you need the manager, but ossec could also forward to Splunk. There
are several ways to tie it all together.
