On Wed, Sep 14, 2011 at 3:56 AM, Falk <[email protected]> wrote:
> Hi,
>
> I'm collecting information for a project that starts up when I get back to
> work in October.
> I have tried out OSSEC on a few lab hosts a year or so ago.
>
> So now we will try to collect "all" our logs through OSSEC, then send
> them to Graylog2 with a MongoDB backend.
>

I'm using logstash to collect my logs (syslog + ossec alerts) and forward them to graylog2 (using gelf). If graylog2 supports syslog input, you can easily forward ossec alerts using the client syslog program, and rsyslog or syslog-ng can read the archives.log file if you want ALL of the logs. You may need to do a little bit of tweaking to get rid of OSSEC's header, but it should be doable.

> Anyone tried this, or is everyone going Snort nowadays?

I don't think snort will collect your logs and forward them on to graylog2.

> --
> Regards Falk
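The "tweaking to get rid of OSSEC's header" step from the reply above, written out as an added example (this is not code from the thread, from OSSEC, or from logstash/graylog2). It assumes archives.log lines carry a header of the form `YYYY Mon DD HH:MM:SS host->location` or, for agent-collected logs, `YYYY Mon DD HH:MM:SS (agent) ip->location`, strips that header, keeps its fields as GELF additional fields, and wraps the bare record in a GELF 1.0 message (zlib-compressed JSON over UDP, the input graylog2 listens on by default on port 12201). The three sample lines and the host/agent names are constructed for the example; the timestamp is interpreted as UTC, which is an assumption, since OSSEC writes server-local time.

```python
"""Strip the OSSEC archives.log header and wrap the bare log line in GELF.

Assumptions (not from the thread):
  * archives.log lines look like
      "2011 Sep 14 03:56:00 hostname->/var/log/auth.log <original line>"
    or, for agent-collected logs,
      "2011 Sep 14 03:56:00 (agent01) 10.0.0.5->/var/log/messages <original line>"
  * header timestamps are treated as UTC (OSSEC actually writes local time)
  * graylog2 GELF/UDP input on 127.0.0.1:12201
"""
import calendar
import json
import re
import socket
import time
import zlib

# Header regex: timestamp, then either "(agent) ip->" or "host->", then
# "location " and the original record. Non-matching lines pass through
# untouched so nothing is silently dropped.
OSSEC_HEADER = re.compile(
    r"^(?P<ts>\d{4} [A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2}) "
    r"(?:\((?P<agent>[^)]+)\) (?P<ip>\S+?)->|(?P<host>\S+?)->)"
    r"(?P<location>\S+) (?P<msg>.*)$"
)


def parse_archive_line(line):
    """Return (header_fields, bare_message); header_fields is None if no header."""
    m = OSSEC_HEADER.match(line.rstrip("\n"))
    if not m:
        return None, line.rstrip("\n")
    fields = m.groupdict()
    struct = time.strptime(fields["ts"], "%Y %b %d %H:%M:%S")
    fields["epoch"] = calendar.timegm(struct)  # assumption: header is UTC
    fields["source"] = fields["agent"] or fields["host"]
    return fields, fields["msg"]


def to_gelf(line, facility="ossec-archives"):
    """Build a GELF 1.0 dict; OSSEC header fields become _-prefixed extras."""
    fields, msg = parse_archive_line(line)
    gelf = {
        "version": "1.0",
        "host": fields["source"] if fields else socket.gethostname(),
        "short_message": msg[:120],
        "full_message": msg,
        "level": 6,  # syslog "informational": archives are raw logs, not alerts
        "facility": facility,
    }
    if fields:
        gelf["timestamp"] = fields["epoch"]
        gelf["_ossec_location"] = fields["location"]
        if fields["ip"]:
            gelf["_ossec_agent_ip"] = fields["ip"]
    return gelf


def encode_gelf(gelf):
    """GELF over UDP is zlib-compressed JSON (small enough for one datagram here)."""
    return zlib.compress(json.dumps(gelf).encode("utf-8"))


def decode_gelf(datagram):
    """Inverse of encode_gelf, handy for checking what the server would see."""
    return json.loads(zlib.decompress(datagram).decode("utf-8"))


def send_gelf(gelf, addr=("127.0.0.1", 12201)):
    """Fire one GELF datagram at graylog2 (assumed address)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.sendto(encode_gelf(gelf), addr)
    finally:
        sock.close()


SAMPLE_LINES = [  # constructed for this example
    "2011 Sep 14 03:56:00 labhost01->/var/log/auth.log Sep 14 03:56:00 labhost01 "
    "sshd[2211]: Accepted publickey for falk from 10.0.0.7 port 50122 ssh2",
    "2011 Sep 14 03:56:01 (agent01) 10.0.0.5->/var/log/messages Sep 14 03:56:01 "
    "agent01 kernel: eth0: link up",
    "a line without any OSSEC header",
]

if __name__ == "__main__":
    for raw in SAMPLE_LINES:
        print(json.dumps(to_gelf(raw), sort_keys=True))
```

In production the reading of archives.log would be done by rsyslog, syslog-ng or logstash as the reply suggests; the point of the block is the header split, which is what lets graylog2 see the original record (and its real source host) instead of OSSEC's wrapper.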
